Security Awareness Awareness<p>​The number and severity of social engineering attacks is increasing dramatically. Hackers unerringly target the weakest component of corporate protection, i.e. the human factor, using increasingly sophisticated methods and technologies. <br></p><p>Random attempts at distributing fraudulent letters are a thing of the past. Today, businesses and institutions face sophisticated phishing, completely believable fake phone calls and, more and more often, attacks using artificial intelligence. </p><p>The goal of all these activities is to misuse employee accounts and gain access to the company’s system so that the attackers can then blackmail the company or use it as a springboard to attack its partners. </p><p>A company may have the most sophisticated technological protection there is, but it is useless when an attacker decides to focus on deceiving poorly trained employees instead of breaking complex codes. </p><p>The defensive wall of any company is only as strong as its weakest link. And that link has always been and will always be people with their typically human imperfections and weaknesses. Findings show that there is no more effective protection of the corporate environment than informed employees who can react correctly and in a timely manner. </p><p>The best way to protect the company from cyber criminals is to train its people. To turn weakness into a strength. See how we can help you at <a href="">​</a>. </p>​<br>
ARICOMA Group acquires Swedish tech consultancy company Stratiteq Group acquires Swedish tech consultancy company Stratiteq<p> <strong style="color:#6773b6;">​​​​ARICOMA Group takes another step in its international expansion as it acquires the Swedish technology company Stratiteq. ARICOMA Group, an IT services buy-and-build platform owned by KKCG, will strengthen its position not only in the markets of Sweden and Scandinavia but also within the field of data-driven business solutions and strategic consulting. Stratiteq, ​with offices in Malmö and Stockholm, brings over 100 new employees to ARICOMA Group.</strong></p><p>”With Stratiteq, we have found a true gem of a company, with great people. Their track record is impressive, with many innovative projects for both regional and international companies such as Haldex, Skånetrafiken, Securitas, and Vattenfall. They know the whole process from start to finish; from advanced software development, to innovative strategies that transform how companies can operate in the digital and data-driven landscape. They will strengthen our group, and we will accelerate their growth. It’s really a perfect fit,” says Ludovic Gaudé, Head of Custom Software Development operations at ARICOMA Group.</p><p> <img src="/cz/PublishingImages/news/2021/stratiteq-johan-ahlqvist.jpg" data-themekey="#" alt="" style="margin:5px;width:75px;height:100px;float:left;" />Johan Ahlqvist, Chairman of the Board at Stratiteq, continues:” We are delighted to join the ARICOMA Group. For us, this is taking a natural next step in the story of Stratiteq, by fast-tracking the new strategic direction we started in 2020, while respecting the core values on which Stratiteq was founded 17 years ago. We look forward to working with the companies in the group and creating innovative solutions together.”</p><p>ARICOMA Group is working towards becoming a strong European player in the field of ICT and SW solutions. According to Michal Tománek, Investment Director at KKCG, this acquisition is yet another step towards that goal. “Stratiteq will help us not just to increase our profile in Scandinavia but also to enhance our capabilities in the extremely attractive space of digital transformation.”</p><p>With this acquisition, all of Stratiteq’s operations and lines of business will continue unchanged in the near future. ARICOMA Group is committed to maintaining the leadership and the core values that Stratiteq was built upon.</p><p> <img src="/cz/PublishingImages/news/2021/stratiteq-frank-hennekens.jpg" data-themekey="#" alt="" style="margin:5px;width:75px;height:100px;float:right;" />Frank Hennekens, CEO, Stratiteq, says: ”We have big ambitions and have so far focused 100% on creating our own growth. But when we met with the people behind ARICOMA Group, it just felt right, not least culturally. We believe that our competence is a natural complement to the ARICOMA Group and we are excited to become part of a constellation that has both the knowledge and the muscle to help us grow our business.”</p><p>The deal was signed this Monday, where an agreement on the sale of a 100% share in the company was made by the owners of Stratiteq and representatives of the ARICOMA Group. The transaction is still subject to approval of the respective anti-monopoly offices and is expected to close at the beginning of October.</p><p>Once the deal goes through, the ARICOMA Group will comprise of 9 companies with a consolidated turnover exceeding EUR 340 million, and an EBITDA (earnings before interest, taxes, depreciation, and amortization) of almost EUR 37 million. It employs over 3,000 people.</p><p></p><p> <img src="/cz/PublishingImages/news/loga/stratiteq-logo-50px.jpg" data-themekey="#" alt="" style="margin:5px;" /> <br>Stratiteq is a knowledge-based consultancy company for forward thinking clients who aim to become sustainable data-driven businesses. Stratiteq enables clients to take control of their digital future through the delivery of technology and strategy implementations. They help identify and implement solutions for better decision-making and enable companies to make their unique data their new competitive advantage. Stratiteq is specialized within the industries of Public Transport, Professional Services and Manufacturing. Stratiteq was founded in 2004 and has over 100 employees with offices in Malmö and Stockholm. Stratiteq’s client list includes Haldex, Höganäs, Region Skåne, Securitas, Skånetrafiken and Vattenfall.</p><p> </p><p> <img src="/cz/PublishingImages/news/loga/aricoma-group-purple-50px.jpg" data-themekey="#" alt="" style="margin:5px;" /> <br>ARICOMA Group is a leading Central European IT Services provider with a significant Scandinavian presence, over EUR 340 mil. of revenue and 3,000 specialists providing services to over 200 clients in 20+ markets from its 15+ Europe-based delivery centres. ARICOMA’s focus is to help both private- and public-sector clients navigate the ever-changing demands, risks, and business opportunities. Through its portfolio companies, it provides end-to-end digital transformation solutions, including UX design and consulting, custom software development, IT infrastructure and IT operations management, cloud operations, and cloud security services. Notable members of ARICOMA Group include Sweden- and CEE-based custom software developer Seavus, Czechia- and Slovakia-based system integrator AUTOCONT, custom software developers Cleverlance Enterprise Solutions and KOMIX, cybersecurity services specialist AEC and EU-based Tier 3-capable datacentre DataSpring.</p><p> </p><p> <img src="/cz/PublishingImages/news/loga/KKCG-logo-35px.jpg" data-themekey="#" alt="" style="margin:5px;" /> <br>The KKCG Group, managed by Karel Komárek, one of the most successful Czech entrepreneurs, is an international investment company with a total value of more than €7bn. The KKCG Group develops its business activities in twenty-eight countries around the world and its key fields include the entertainment industry, the energy industry, IT technologies, and real estate. It holds shares in many domestic and international companies, including SAZKA Group, ARICOMA Group, MND Group, KKCG Real Estate, US Methanol, the capital fund Springtide Ventures and others. KKCG also invests in the American fund Jazz Venture Partners, based in Silicon Valley. This fund focuses on investments in technologies for improving human performance, for instance, ​through neuroscience.</p> <br> <br> <br>
Covid-19 failed to stop AEC get its ISO 9001:2015 certification this year failed to stop AEC get its ISO 9001:2015 certification this year<p> <strong>​​​AEC a.s. once again managed to successfully obtain the ISO 9001:2015 quality management system certificate in 2021. The final report of the certification body, Lloyds Register, shows that the quality management system in place is an effective tool for managing the company, or rather its processes, and is continuously being improved.</strong></p><p>“Despite the crisis associated with Covid-19, we at AEC have once again defended our ISO 9001:2015 certification. It is thus clear that the unexpected use of home office for so long - and the associated sudden changes - did not have a negative impact on the pre-set processes in our company. Obtaining this year's certification is clear proof for us that the quality of our work has not wavered despite the difficulties associated with what is going on at the global scale. We obtained the first such ISO certificate in 1998, and, to the satisfaction of our customers, we will continue to do so, regardless of any further negative external influences,” said Karin Gubalová, Head of Risk & Compliance at AEC.</p><div style="text-align:center;"> <strong></strong><img class="maxWidthImage" alt="QMS UKAS" src="/cz/PublishingImages/news/2018/qms-logo-ukas.jpg" data-themekey="#" style="width:350px;height:245px;" /><strong></strong> </div><p>The quality management system is described in the well-known ISO 9000 series of standards. These standards are issued by the International Organization for Standardization (ISO). ISO 9001:2015 is the basis on which the entire system is built. It defines the requirements for quality management systems in companies that prove their ability to consistently provide products that comply with technical and legislative regulations, as well as products that meet ever-changing customer requirements.</p><p> <a href="/cz/Documents/Files/2021/AEC-QMS-CESCZ.PDF" target="_blank">QMS certifikát (C<span>Z</span>)</a></p><p> <a href="/cz/Documents/Files/2021/AEC-QMS-ENGUS.PDF" target="_blank">QMS certificate (<span>EN</span>)</a></p><p> </p>
AEC customers benefit from the company’s unique collaboration with the Tenable platform customers benefit from the company’s unique collaboration with the Tenable platform<p> <strong>Tenable, a global leader in vulnerability management, has awarded AEC the Platinum Partner status. Thanks to this exclusive partnership, customers of the foremost Czech cybersecurity provider can benefit from the industry-leading tools and expert services on this US platform, tools that cover the entire vulnerability management process.</strong></p><p>The highest possible level of cooperation. That is what the platinum partnership between AEC and Tenable entails. So just who are Tenable? A US-based provider of vulnerability management security solutions. Through its platform the company’s products are used by tens of thousands of organizations worldwide, primarily because of their sophisticated technologies and original solutions to vulnerability management.</p><p>“We chose Tenable because this company has been focused purely on vulnerability management right from the very start, therefore the products it offers are of exceptional quality,” explains Maroš Barabas, Head of Product Management at AEC. He goes on to say that it is this successful cooperation with Tenable that has made vulnerability management a strategic product for AEC.</p><p style="text-align:center;"> <img class="maxWidthImage" src="/cz/PublishingImages/news/2021/tenable-forrester-leader.png" data-themekey="#" alt="" style="margin:5px;width:658px;" /> </p><p>Vulnerability management is a process that involves detecting, analysing and evaluating system vulnerabilities, including their removal. The basic detection tool is equipment used to scan for vulnerabilities. The most critical ones should then be analysed by an expert who can thus understand how an attacker can exploit them and who also has intimate knowledge of the network and the systems on it. This approach is the most effective both in terms of prioritising vulnerabilities and the subsequent patching.</p><p>AEC currently has an experienced team of experts who can fully comprehend the entire vulnerability management process as used in companies and institutions. “AEC focuses on delivering security as a service provided in close partnership with customers and the area of vulnerability management is the best example of this,” notes Maroš Barabas, specifying that it is not only about the technical solution itself, but also about ensuring that the entire vulnerability management process is always in full agreement with the customer’s needs and capabilities.</p><p>The AEC team offers its clients a wide range of technologies and services. The cornerstone is choosing and implementing a suitable tool, setting up the vulnerability management processes and its technological integration. Whilst doing so, it also offers hardening, compliance checks and a whole host of other solutions, such as manual identification and verifying the vulnerabilities in systems and applications.</p><p style="text-align:center;"> <img class="maxWidthImage" src="/cz/PublishingImages/news/2021/tenable-platinum-partner.jpg" data-themekey="#" alt="" style="margin:5px;width:658px;" /> </p><p>The collaboration between AEC and Tenable has been ongoing since 2010. At the time, the Czech cyber security provider was the first in the Czech Republic and Slovakia to be partnered with the US platform. Eight years later, Tenable gave this partnership Gold status, and in 2021 it was upgraded to the highest possible level – Platinum.<br></p>
ARICOMA Group acquires the IT company KOMIX Group acquires the IT company KOMIX<p> <strong style="color:#6773b6;">?Another major player in the domestic information technology market will become part of the ARICOMA Group, which belongs to entrepreneur Karel Komárek’s investment group KKCG. Today, the owners of KOMIX and representatives of the ARICOMA Group signed an agreement on the sale of a 100% share in the company. The transaction is still subject to approval by the Office for the Protection of Competition (ÚHOS).</strong></p><p>For almost thirty years, KOMIX has been developing bespoke software for e-government, health insurance companies and major companies such as Škoda Auto, Nestlé or Porsche Czech Republic. In the past, KOMIX has taken part in projects such as electronic sick notes, biometric travel documents and an information system for the population register. KOMIX’s revenues rank it among the top 10 suppliers on the Czech market as concerns developing customised software. This year’s sales are predicted to reach more than half a billion crowns. KOMIX employs just under 300 people, above all developers.</p><p>“It is a great honour for me that we are to be part of the ARICOMA group and that we will play an active role in accomplishing its vision to build an ICT leader of European importance,” said Tomáš Rutrle, KOMIX’s director and current co-owner. “Thanks to this merger, we will be able to offer our current customers a much wider portfolio of services, whilst at the same time we will work with other companies in the group to reach out to new customers in the Czech Republic and abroad. We bring decades of experience to the ARICOMA Group, this includes large-scale projects, a passion for IT technologies and a proven ability to finish the job to a satisfactory conclusion for all. We firmly believe that we are at the start of an amazing story of digital transformation, one that is growing from its roots in the Czech Republic, and we want to be a fully-fledged part of it,” added Rutrle.</p><p>After acquiring the international company Seavus at the end of last year, ARICOMA Group is continuing in its acquisition campaign. Its goal is to build a strong European player in the field of ICT and SW solutions. According to Michal Tománek, KKCG’s Investment Director, who is responsible for all IT acquisitions, KOMIX’s entry is another hugely important step in this direction. “We have managed to acquire a company that is a perfect fit for ARICOMA’s current portfolio of businesses. Their expertise, products and customer base will ideally complement what we already have at this moment in time. What’s more, in the future, we will be able to offer this mix of services not only to the domestic market, but increasingly to foreign markets too,” said Michal Tománek.</p><p>According to Milan Sameš, the ARICOMA Group’s CEO, this further expansion of the group is a continuation of the strategy it set out four years ago. “The current developments in the company, which have been fundamentally affected by the Covid-19 pandemic, show us that we have set off in the right direction and that our assumptions about developments in the market were correct. Customers are trying to accelerate the digital transformation as much as possible, and this brings new opportunities for the entire field of information technology,” said Sameš.</p><p>ARICOMA Group buys a 100% stake in KOMIX for a non-disclosed price. The entire transaction is financed from a bank loan and from the buyer’s own resources.</p><p>The company’s management, including its director Tomáš Rutrle, will continue to play a role in managing KOMIX. KOMIX will act independently until the transaction is approved by the ÚHOS. Once the deal goes through, the ARICOMA Group will comprise of 8 companies with a consolidated turnover exceeding CZK 8.5 billion, and an EBITDA (earnings before interest, taxes, depreciation, and amortization) of almost CZK 900 million. It employs over 3,000 people.<br><br></p><p> <img src="/cz/PublishingImages/news/loga/komix-logo-25px.jpg" data-themekey="#" alt="" style="margin:5px;" /> <br>The company was established in 1992 and since its inception it has been offering software services to clients in the public and private spheres. This primarily concerns solutions for eGovernment and eHealth, where it helps the Czech state administration accelerate development so that these solutions are as user-friendly as possible for citizens. KOMIX is also a major supplier for car makers, namely Škoda Auto. In this segment, KOMIX is basing its steps on the current situation where the car industry is going through a fundamental transformation and mutually reinforcing trends, which include autonomous driving, shared mobility, online connectivity and electrification. Software solutions have thus become the main source of the customer’s perception of the car’s value, innovation and appeal. KOMIX also offers products focused on digital transformation, such as automated decision-making, business intelligence or robotic process automation. The company manages the comprehensive development of all layers in sophisticated information systems – front end, back end, database, mobile applications, integration buses. The most common technologies it uses for development are JAVA and Microsoft.NET. In February 2021, KOMIX opened a branch in Switzerland, where it acquired a new client, Nestlé, one of the largest food concerns in the world.</p><p> </p><p> <img src="/cz/PublishingImages/news/loga/aricoma-group-purple-50px.jpg" data-themekey="#" alt="" style="margin:5px;" /> <br>The largest Czech ICT holding company, its members are AUTOCONT, Cleverlance, DataSpring, AEC, Cloud4com, Internet Projekt and Seavus. The companies from the ARICOMA Group cover its entire portfolio of business services, starting with the design of ICT architecture and going on to infrastructure and cloud services, implementing business applications up to developing their own large-scale software solutions and outsourcing. Its total revenues for 2020 exceeded CZK 8bn.</p><p> </p><p> <img src="/cz/PublishingImages/news/loga/KKCG-logo-35px.jpg" data-themekey="#" alt="" style="margin:5px;" /> <br>The KKCG Group, managed by Karel Komárek, one of the most successful Czech entrepreneurs, is an international investment company with a total book value of more than €6bn. The KKCG Group develops its business activities in twenty-two countries around the world and its key fields include the gaming industry, the energy industry, IT technologies and real estate. It holds shares in many domestic and international companies, including SAZKA Group, ARICOMA Group, MND Group, KKCG Real Estate, US Methanol, the capital fund Springtide Ventures and others. KKCG also invests in the American fund Jazz Venture Partners, based in Silicon Valley, which focuses, for instance, on investments in technologies for improving human performance (neuroscience).</p>
A pentad of our colleagues succeeded in the international CtF competition organized by partners from Tenable pentad of our colleagues succeeded in the international CtF competition organized by partners from Tenable<p> <strong style="color:#6773b6;"><span style="color:#6773b6;">The team of our colleagues, consisting of David Pecl, Lukáš Bendík, Erik Šabík, Vojtěch Šindler and Tomáš Hliboký, did well in the worldwide Capture the Flag competition. This year was the first time it was organized by one of our leading partners, the American company Tenable.</span></strong></p><p>The international Capture the Flag competition had a total of 1,762 participants and it was all under the direction of Tenable, a provider of top solutions for vulnerability monitoring. With such strong competition, the AEC representatives did amazingly well and finished in <a href="" target="_blank">21st place</a>.</p><p>Any one from all over the world could take part in the tournament, which was held from 18 to 22 February 2021. Participants could form teams of up to five people and solved their tasks either individually or together. AEC’s colours were defended by five representatives taken from the divisions for Technology, Penetration Tests and the Cyber Defence Centre.</p><p>The five-day competition itself consisted of ongoing task solving in <a href="" target="_blank">traditional categories</a>, such as web applications, reverse engineering, cryptology, coding, working with information (OSINT), forensic analysis, regular expressions and a whole host of others.</p><p>“We did best in cryptography, web applications and coding. Mainly because it is the bread and butter for pentesters,” said Erik Šabík, adding, “But we certainly didn’t fall behind in other tasks either, the problem was more to do with time. We solved it by agreeing that whoever had the time would open the page with the tasks and try and solve what they could. Sometimes we called each other, and we also brainstormed...”</p><p>Here it’s necessary to point out that, unlike many other teams, our busy colleagues could only get down to the competition tasks after they’d finished their professional duties, so they had significantly less time to solve them than the others.</p><p>However, this makes their success all the more valuable and our congratulations all the greater. Thanks to their position, they have now joined the elite ranks who can wow those around them with their exclusive T-shirts that the competition organizer reserved for the best of the best. &#128522;</p><p>CTF-related activities are nothing new to AEC. Apart from the fact that we often take part in such competitions, quite successfully it must be said, we regularly organize a similar event ourselves. One of the most popular things at our annual <a href="">Security conference</a>, the largest independent event of its kind in the Czech Republic, is the hacker competition.<br></p>
Vulnerabilities in Microsoft Exchange Server have a serious impact. Simple patching is not enough in Microsoft Exchange Server have a serious impact. Simple patching is not enough<h3>Unauthorized access to e-mail. Potential dangers of malicious code installation, data theft and misuse thereof with social engineering methods. Local companies and institutions are in serious danger connected to the massive attacks on systems using Microsoft Exchange Server. The latest large-scale incident revealed the fact that simple updating is not sufficient for the protection of the company's system.</h3><p> <br>The attack targeting one of the most common Microsoft software products used for e-mail exchange and resource sharing was most likely launched as early as the end of 2020. In the following months, before its discovery in March, hackers have silently attacked tens of thousands of servers around the globe. The Czech Republic and Slovakia did not escape these attacks either, as there were thousands of vulnerable servers in both countries. </p><p>A compromised e-mail server can serve the attackers as a springboard for attacking other systems in the organization, as well as those of its business partners, suppliers, or customers. Although updates are underway at present aiming at fixing the vulnerabilities, it cannot be ruled out that the hackers have created backdoors in the infected systems with an intention to use them for more future attacks.</p><p>As the experience of experts from the AEC company providing cyber protection to enterprises and institutions shows, attackers who have gained access to sensitive information will definitely try to effectively monetize the stolen data or misuse it for further attacks with social engineering methods.</p><p>Despite the timely installation of patches, no company can be sure that a number of confidential information such as contacts, addresses, employee names, invoices or contracts has not escaped from their systems together with the stolen e-mails. And this is also one of the reasons why cyber security experts continue to recommend the highest level of caution to be applied.</p><p>“If we cannot be sure whether the system was compromised or not, we have to assume that it was compromised,” comments Maroš Barabas, Head of Product Management in AEC and he adds: “Be prepared that attacks can be targeted not only at you, but also at all your partners, suppliers, or customers you are interacting with and that your confidential information and data can be misused to achieve it.” </p><p>The key issue with this type of compromise lies in the fact that the attacker knows perfectly well how the attacked company communicates with its surroundings due to possessing the stolen information. This allows him to follow with the communication in a proper manner and at the right time. For example with a fake e-mail written in a format identical to the correspondence which the infected company would normally exchange with its business partner, including the history of conversation.</p><p>However, there may be one tiny difference – for example in addition to the standard message attributes and the usual business information, the e-mail may also contain a little note: we are sending the requested invoice; however, we would like to notify you of a change in the account number. There is no way this e-mail can be recognized as a scam. The only way the company can be certain that it will not loose its money would be a proper check of such message by its duly informed employee. </p><p>“In this case, we recommend checking this information directly with the supplier by phone. But be sure not to call the number listed on the suspicious invoice, because the person on the other end of the line could easily be the attacker himself. Call only known numbers. And send the money only to accounts verified by a process not relying on e-mail communication,” says Maroš Barabas. He also said that companies can face these and similar practices by utilizing security awareness services. These include comprehensive employee trainings provided with the latest technologies and procedures, including testing. A specially trained worker could be exactly the decisive factor for ensuring the company’s cyber security.<br></p><p style="text-align:center;"> <img class="maxWidthImage" src="/cz/PublishingImages/news/2021/aec-security-awareness-graphics-2-eng.jpg" data-themekey="#" alt="" style="margin:5px;width:650px;" /> </p><p>Please see our website <a href=""></a> for more information.<br></p>
We present new cybersecurity training programme provided on the KnowBe4 platform present new cybersecurity training programme provided on the KnowBe4 platform<p> <strong>AEC, a leading cybersecurity provider, is offering an effective training programme for employees of enterprises and institutions. Recently, the company started to utilize tools featured by the U.S.-made KnowBe4 platform for the provision of its security awareness services. When using these new tools, AEC’s customers will be now ready to face cyberattacks with greater success, including scam e-mails or fraudulent phone calls.</strong></p><p>Now, AEC’s customers can choose between two learning modes. The first one enables them to purchase the product in the form of providing a unique access to the tools on the U.S.-made KnowBe4 platform. Here, they may simulate hacker attacks themselves and subsequently, use the follow-up e-learning training as needed.</p><p>However, the majority of Czech companies do not possess the know-how required for such activities. A proper processing, targeting and evaluation of all steps requires lot of effort. For this reason, AEC offers also a second option, namely the opportunity to order security awareness as an all-embracing service with all procedures, including the utilization of unique tools, executed by AEC experts.</p><p style="text-align:center;"> <img class="maxWidthImage" alt="AEC Security Awareness" src="/cz/PublishingImages/news/2021/aec-security-awareness-graphics-1-eng.jpg" data-themekey="#" style="margin:5px;width:650px;" /> </p><p>Maroš Barabas, Head of Product Management in AEC pointed out: “For AEC, the partnership with KnowBe4, a company that is indisputably one of the top leaders in the field of security awareness worldwide, means a significant evolution of its services portfolio,” and he added: “Now, we can interconnect and automate the individual partial steps in all our tutorials and steer their strength in the right direction.”</p><p>KnowBe4 has one main advantage. And that is its ability to combine testing with learning in an interesting way. The environment where it functions allows to carry out examinations before and after the training. This way, it is clearly visible which users are improving over time and which still need some help, and specifically with what. The results are helping to modify the trainings better, both to accommodate the individual participants, as well as the specific needs of the given organization.</p><p>A training programme assembled in the form of a series of attractive steps is now available to AEC’s customers: incident analysis, trainings, clear infographics, instructive e-mails, as well as examinations and specific testing of the knowledge acquired focusing on the physical, e-mail and phone call attack methods. The goal is to change the habits of the users and to reinforce new patterns in their behaviour until the topic of cybersecurity becomes a natural part of the corporate culture.</p><p>“We do not impersonate an attacker who would misuse the attack; in fact, exactly the opposite. Even though this is a training for educational purposes, our progress would be as insidious and as merciless as the actions taken by any of the experienced hackers,” observed Maroš Barabas, adding: “Our previous experience shows that personal confrontation with an attack, albeit simulated, together with an intense personal encounter with the situation provide a long-term experience for the employees."</p><p style="text-align:center;"> <img class="maxWidthImage" alt="AEC Security Awareness" src="/cz/PublishingImages/news/2021/aec-security-awareness-graphics-2-eng.jpg" data-themekey="#" style="margin:5px;width:650px;" /> </p><p>Today, the overwhelming majority of all cyberattacks focus on the weakest link in corporate data protection, i.e. the human factor. Attackers use a variety of fraudulent methods, including the gathering of publicly available data and they do not hesitate to use it in order to pressure the user, confuse, and deceive him.</p><p>“A rising number of enterprises are becoming aware that the best way to secure their data from social engineering attacks does not mean building an expensive technological wall around it, but to educate their staff as well as they can. Our offer is an answer to the fact that education of employees in the form of a standard one-off training has proven to be ineffective,” concludes Maroš Barabas.</p><p>For more information please see <a href=""></a>.</p><p>AEC organizes short free webinars on the issue of cyber attacks. The next one will take place on Tuesday February 16 from 10 am CET. Maroš Barabas and ethical hacker Martin Fojtík will introduce the most common attacks and their form to those interested within forty-five minutes and outline what a security awareness program focused on the risks of social engineering should look like. The next time will be put in Q&A. More information at: <a href="/_layouts/15/FIXUPREDIRECT.ASPX?WebId=c2e66a69-98ba-44b2-9c45-29be530f4c7c&TermSetId=f883c0d5-da01-4517-a46d-bb0f2322ac82&TermId=53fb62fc-50ff-4fc4-b58b-9b3ccbb838b0"></a>.</p><p style="text-align:center;"> <a href="/_layouts/15/FIXUPREDIRECT.ASPX?WebId=b9ce95c9-07dc-4bea-b380-1061fe4d85cd&TermSetId=884ec23f-e893-4c04-bd81-6d70c3c2a36c&TermId=53fb62fc-50ff-4fc4-b58b-9b3ccbb838b0"> <img class="maxWidthImage" src="/cz/PublishingImages/webinar/security-awareness-cz-2021.jpg" data-themekey="#" alt="" style="margin:5px;width:650px;" /></a> </p>
ARICOMA Group acquires the tech company Seavus Group acquires the tech company Seavus<p> <strong>ARICOMA Group representatives have announced a major step in the international expansion of the company, which is part of Karel Komárek’s KKCG Group. According to the purchase agreement, ARICOMA Group has acquired the technology company Seavus. With this acquisition, ARICOMA Group penetrates further markets in Europe and strengthens its position in the USA. At the same time, it becomes an international player in the IT industry, with consolidated revenues of EUR 300 million, earnings of over EUR 23 million before interest, taxes, depreciation, and amortization (EBITDA), and more than 2,800 employees.</strong></p><p> <em>“This acquisition fulfils the long-term strategy of the KKCG Group in the field of information technology. Ever since ARICOMA Group was founded, when we consolidated the big players on the Czech IT market, we always envisaged that the next step would be international expansion. Personally, I am delighted that we have been able to complete the transaction in these challenging times,”</em> says <strong>Michal Tománek, Technology Investment Director of KKCG</strong>. </p><p>ARICOMA Group (the IT services consolidation platform of the KKCG Group), continues to deliver on its ambition to become a major European IT services provider. According to Tománek, it will encompass a group of specialized companies, which together will offer customers an integrated range of digital transformation services.</p><p> <em>“With its range of services focused on IT consulting, software development, implementation of software solutions and products for maintenance and support, infrastructure management, cybersecurity and compliance, Seavus fits perfectly into the ARICOMA Group portfolio,”</em> says <strong>ARICOMA Group CEO, Milan Sameš</strong>. Sameš is also positive about the history of Seavus, which was founded in Malmö and Skopje in 1999 and has continued to develop ever since. Probably the best testament to the quality of its 800 employees is the fact that the company provides services in many countries in Europe including, its core Scandinavian region, the Benelux countries, Switzerland, and the USA. Its main clients include companies in the telecommunications sector (e.g. Sunrise, Tele2, A1, Globalstar), banking industry (Erste Bank, Banca Intesa, Marginalen Bank), and tech companies, such as Bosch. <em>“The experience we have gained this year, which has been so fundamentally marked by the coronavirus pandemic, tells us that the digital transformation of companies is proceeding faster than we had expected. We see in this a massive opportunity for further growth. The acquisition of Seavus fits into this plan perfectly,”</em> says <strong>Sameš</strong>. </p><p>One of the main objectives of ARICOMA Group is to establish itself more strongly in foreign markets while supporting the more dynamic development of its own SW solutions and services.</p><p> <em>“We strongly believe that the involvement of a strong strategic partner, such as ARICOMA Group of companies, will accelerate innovation and further strengthen our capabilities to offer high quality software development services and next generation solutions, to our customers worldwide. Now, we will remain not only dedicated to success, but even more motivated to accomplish our goals: expand our portfolio of customers, become a trustworthy partner in their process of digitalization, and to lead the way as one of Europe’s best IT providers. Seavus is going to be an immense part of the KKCG success story,” </em>says <strong>Igor Lestar, Chairman of the Board, Seavus Group</strong>. With this acquisition, all operations and lines of business will continue unchanged in the near future. ARICOMA Group is committed to maintaining the leadership and the core values that have made Seavus a trusted partner, service provider, and a reliable employer. </p><p>  </p><h2>Seavus</h2><p>Seavus is a software development and consulting company with a proven track-record in providing successful enterprise-wide business solutions. The company has over 800 IT experts worldwide and offers a variety of products and service options, successfully covering the European and US market from several offices in the world. Their expanding portfolio covers: BSS/OSS, CRM, CEM, Business Intelligence solutions, ALM, embedded programming, business and consumer products, mobile and gaming solutions, managed services, as well as custom development, consultancy and resourcing. Seavus’ portfolio includes over 4000 customers, among which are leading worldwide telecom and handset manufacturers, organizations from the banking and finance industry, consumer electronics, technology, education, government, health, etc.<br>As of today, Seavus has fifteen operating offices located in several countries, including Sweden, the United States of America, North Macedonia, Belarus, Moldova, Switzerland, Serbia, Bosnia and Herzegovina, with a continuous growth strategy.</p><h2>ARICOMA Group</h2><p>The largest ICT holding in the Czech Republic. The group includes the companies AUTOCONT, Cleverlance, DataSpring, AEC, Cloud4com and Internet Projekt. The companies in the ARICOMA group provide a wide range of services, starting with the design of ICT architecture, through infrastructure and Cloud services and the implementation of corporate applications, up to the development of its own comprehensive software solutions and outsourcing.  Last year, the group’s overall revenue exceeded 7 billion crowns.</p><h2>About KKCG</h2><p>KKCG Group, founded and led by successful Czech entrepreneur, Karel Komárek, is an in-ternational investment company which manages more than EUR 6 billion (book value) of assets. KKCG operates in 19 countries and its key strategic sectors include gaming, oil and gas, technology and real estate. KKCG Group includes SAZKA Group, ARICOMA Group, MND Group, US Methanol, the Springtide Ventures capital fund, and others. <br></p>
IMPORTANT WARNING: TrickBot-Ryuk Activity Increased WARNING: TrickBot-Ryuk Activity Increased<p> <strong>TrickBot malware and Ryuk ransomware activity has grown significantly over the past 48 hours. This activity has been noticed by our technology team in the AEC customer base, across several different segments. Therefore, we recommend taking this warning with the utmost seriousness.<br><br></strong></p><hr /><h2>Update 02/11/2020:</h2><p>Further indicators of compromise were added, connected with, among others, the Emotet botnet. When investigating incidents at our customers’, we identified additional IOCs, which have been newly added in the table below.</p><hr /><p> </p><p>You may be aware of this malicious software due to the attacks successfully executed both this and last year; TrickBot malware and Ryuk ransomware were also taking part in the attack on the Benešov Hospital last December. We have already written several times about the abovementioned attack as well as about other activities by attackers using the Emotet botnet or the malware in question [1, 2].</p><p style="text-align:center;"> <img class="maxWidthImage" alt="TrickBot Ryuk" src="/cz/PublishingImages/news/2020/aec-TrickBot-Ryuk.jpg" data-themekey="#" style="margin:5px;width:650px;" /> </p><p>On Wednesday October 25, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) reported on the increased activity of this malware and the likeness of attacks on hospitals and other healthcare facilities [3]. The Czech National Cyber and Information Security Agency (NÚKIB) also warned about the increased activity of the botnet Emotet in early October [4].</p><p>The current version of the TrickBot malware is no longer just your regular banking trojan. Now, after your computer has been attacked, the attackers have the ability to steal credentials and e-mail messages, to extract cryptocurrencies, steal data from payment systems, or to download additional malware or ransomware to the infected system.</p><p>We recommend all our customers to check how up-to-date is their endpoint protection solution and to scan for vulnerabilities, since the exploitation of vulnerabilities is the way this malware spreads across the network the most often. Companies with an IOC search tool can search the managed devices for IOCs listed in the table below. <br><br></p><table width="100%" class="ms-rteTable-default" cellspacing="0" style="height:33px;"><tbody><tr><td class="ms-rteTableEvenCol-default" bgcolor="#6773b6" style="text-align:center;"><h3> <span style="color:#ffffff;">IOC type</span></h3></td><td class="ms-rteTableEvenCol-default" bgcolor="#6773b6" style="text-align:center;"><h3> <span style="color:#ffffff;">IOC</span></h3></td><td class="ms-rteTableEvenCol-default" bgcolor="#6773b6" style="text-align:center;"><h3> <span style="color:#ffffff;">Note</span></h3></td></tr><tr><td class="ms-rteTable-default" rowspan="2"> <strong>File name</strong></td><td class="ms-rteTable-default">12 characters (including ".exe")</td><td class="ms-rteTable-default" rowspan="2">F.e. mfjdieks.exe</td></tr><tr style="border-bottom-color:#6773b6;border-bottom-width:2px;border-bottom-style:solid;"><td class="ms-rteTable-default">anchorDiag.txt</td></tr><tr><td class="ms-rteTable-default" rowspan="3"> <strong>Location of the suspicious file in the directory</strong></td><td class="ms-rteTable-default">C:\Windows\</td><td class="ms-rteTable-default" rowspan="3"></td></tr><tr><td class="ms-rteTable-default">C:\Windows\SysWOW64\</td></tr><tr style="border-bottom-color:#6773b6;border-bottom-width:2px;border-bottom-style:solid;"><td class="ms-rteTable-default">C:\Users\\AppData\Roaming\</td></tr><tr><td class="ms-rteTable-default" rowspan="2"> <strong>String</strong></td><td class="ms-rteTable-default">Global\fde345tyhoVGYHUJKIOuy</td><td class="ms-rteTable-default">Typically present in running memory</td></tr><tr style="border-bottom-color:#6773b6;border-bottom-width:2px;border-bottom-style:solid;"><td class="ms-rteTable-default">/anchor_dns/[COMPUTERNAME]_<br>[WindowsVersionBuildNo].[32CharacterString]/</td><td class="ms-rteTable-default">Typically present in the communication to the C&C server</td></tr><tr style="border-bottom-color:#6773b6;border-bottom-width:2px;border-bottom-style:solid;"><td class="ms-rteTable-default"> <strong>Planned tasks</strong></td><td class="ms-rteTable-default">[random_folder_name_in_%APPDATA%_excluding_Microsoft]<br>autoupdate#[5_random_numbers]</td><td class="ms-rteTable-default"></td></tr><tr><td class="ms-rteTable-default" rowspan="2"> <strong>CMD command</strong></td><td class="ms-rteTable-default">cmd.exe /c timeout 3 && del C:\Users\[username]\[malware_sample]</td><td class="ms-rteTable-default"></td></tr><tr style="border-bottom-color:#6773b6;border-bottom-width:2px;border-bottom-style:solid;"><td class="ms-rteTable-default">cmd.exe /C PowerShell \"Start-Sleep 3; Remove-Item C:\Users\[username]\[malware_sample_location]\"</td><td class="ms-rteTable-default"></td></tr><tr><td class="ms-rteTable-default" rowspan="6"> <strong>DNS</strong></td><td class="ms-rteTable-default">kostunivo[.]com</td><td class="ms-rteTable-default" rowspan="6">DNS names connected with Anchor_DNS (included in the TrickBot malware)</td></tr><tr><td class="ms-rteTable-default">chishir[.]com</td></tr><tr><td class="ms-rteTable-default">mangoclone[.]com</td></tr><tr><td class="ms-rteTable-default">onixcellent[.]com</td></tr><tr><td class="ms-rteTable-default">innhanmacquanaogiare[.]com<span style="color:#6773b6;"> - update 2020-11-02</span></td></tr><tr style="border-bottom-color:#6773b6;border-bottom-width:2px;border-bottom-style:solid;"><td class="ms-rteTable-default">edgeclothingmcr[.]com <span style="color:#6773b6;">- update 2020-11-02</span></td></tr><tr><td class="ms-rteTable-default" rowspan="8"> <strong>DNS</strong></td><td class="ms-rteTable-default">ipecho[.]net</td><td class="ms-rteTable-default" rowspan="8">DNS names used for connectivity checks</td></tr><tr><td class="ms-rteTable-default">api[.]ipify[.]org</td></tr><tr><td class="ms-rteTable-default">checkip[.]amazonaws[.]com</td></tr><tr><td class="ms-rteTable-default">ip[.]anysrc[.]net</td></tr><tr><td class="ms-rteTable-default">wtfismyip[.]com</td></tr><tr><td class="ms-rteTable-default">ipinfo[.]io</td></tr><tr><td class="ms-rteTable-default">icanhazip[.]com</td></tr><tr style="border-bottom-color:#6773b6;border-bottom-width:2px;border-bottom-style:solid;"><td class="ms-rteTable-default">myexternalip[.]com</td></tr><tr><td class="ms-rteTable-default" rowspan="11"> <strong>IP address</strong></td><td class="ms-rteTable-default">23[.]95[.]97[.]59</td><td class="ms-rteTable-default" rowspan="11">C&C servers IP addresses</td></tr><tr><td class="ms-rteTable-default">51[.]254[.]25[.]115</td></tr><tr><td class="ms-rteTable-default">193[.]183[.]98[.]66</td></tr><tr><td class="ms-rteTable-default">91[.]217[.]137[.]37</td></tr><tr><td class="ms-rteTable-default">87[.]98[.]175[.]85</td></tr><tr><td class="ms-rteTable-default">81[.]214[.]253[.]80 <span style="color:#6773b6;">- update 2020-11-02</span></td></tr><tr><td class="ms-rteTable-default">94[.]23[.]62[.]116 <span style="color:#6773b6;">- update 2020-11-02</span></td></tr><tr><td class="ms-rteTable-default">104[.]28[.]27[.]212 <span style="color:#6773b6;">- update 2020-11-02</span></td></tr><tr><td class="ms-rteTable-default">172[.]67[.]169[.]203 <span style="color:#6773b6;">- update 2020-11-02</span></td></tr><tr><td class="ms-rteTable-default">104[.]28[.]26[.]212 <span style="color:#6773b6;">- update 2020-11-02</span></td></tr><tr style="border-bottom-color:#6773b6;border-bottom-width:2px;border-bottom-style:solid;"><td class="ms-rteTable-default">93[.]114[.]234[.]109 <span style="color:#6773b6;">- update 2020-11-02</span></td></tr></tbody></table><p> </p><p> <span style="color:red;"> <strong>If you register any of the IOCs listed above or any other suspicious activity in your network, please do not hesitate to <a href="mailto:matej.kacic[@]">contact us directly</a> and ask for a consultation, incident analysis or the implementation of specific security measures. <br> <br></strong></span></p><hr /><h3>Sources:</h3><p>[1]: <a href="/cz/novinky/Stranky/zprava-o-bezpecnosti-v-prosinci-2019.aspx" target="_blank"></a><br>[2]: <a href="" target="_blank"></a><br>[3]: <a href="" target="_blank"></a><br>[4]: <a href="" target="_blank"></a><br></p>
Zerologon: Critical Vulnerability of Windows AD Critical Vulnerability of Windows AD<p style="margin:0px 0px 10px;text-align:justify;color:#696158;text-transform:none;line-height:1.6;text-indent:0px;letter-spacing:normal;font-family:source-sans-pro, open-sans, sans-serif;font-size:14px;font-style:normal;font-weight:400;word-spacing:0px;white-space:normal;orphans:2;widows:2;background-color:#ffffff;text-decoration-color:initial;text-decoration-style:initial;">The name of the vulnerability is closely related to the main attack vector exploiting the vulnerability, which is a bug in the configuration of the initialisation vector (IV) when encrypting Netlogon Remote Protocol (MS-NRPC) messages, allowing an internal attacker to fully break the encryption and to pass off as any computer of his choice in the network.</p><p style="margin:0px 0px 10px;text-align:justify;color:#696158;text-transform:none;line-height:1.6;text-indent:0px;letter-spacing:normal;font-family:source-sans-pro, open-sans, sans-serif;font-size:14px;font-style:normal;font-weight:400;word-spacing:0px;white-space:normal;orphans:2;widows:2;background-color:#ffffff;text-decoration-color:initial;text-decoration-style:initial;"> </p><p style="text-align:center;"> <img class="maxWidthImage" alt="Samsung zranitelnost" src="/cz/PublishingImages/news/2020/aec-zerologon.png" data-themekey="#" style="margin:5px;width:650px;" /> </p><p>The name of the vulnerability is closely related to the main attack vector exploiting the vulnerability, which is a bug in the configuration of the initialisation vector (IV) when encrypting Netlogon Remote Protocol (MS-NRPC) messages, allowing an internal attacker to fully break the encryption and to pass off as any computer of his choice in the network.</p><p>The impact of this vulnerability is enormous. So troubling in fact, that its severity in the Common Vulnerability Scoring System (CVSS) reached a critical 10 out of 10. A successful exploitation of the vulnerability allows an attacker who can establish TCP connections to a Domain Controller to escalate his privileges all the way up to the level of the domain admin, resulting in a complete compromising of the entire domain as well as all the systems connected to it. In most cases (unless the domain controller is publicly available from the Internet), the attack can only be performed from the internal network, therefore the chances of its misuse are reduced.</p><p>There are several scripts already circling on the Internet nowadays exploiting the vulnerability successfully (mostly to evidence the concept); also, due to the data available from some honeypot systems (systems that are intentionally vulnerable and accessible from the Internet, for which any attempts of exploit are actively monitored), the vulnerability is already actively and automatically exploited by several hacker groups on a global scale.</p><p>Microsoft announced two patches fixing the defect allowing this vulnerability. <a href=""><span lang="EN-GB">The first patch was issued on August 11, 2020</span></a> and it was labelled as critical. This patch fixes the bug enabling the attack and making it possible for an attacker to authenticate himself as any machine in AD. It should present a sufficient way of preventing the exploit. For this reason, we strongly recommend you to apply the patch and to update all domain controllers as soon as possible.</p><p>The second patch is planned for the beginning of the upcoming year and deals with one of the mechanisms of the RPC protocol related to the Signing and Sealing of RPC messages (RPC Signing and Sealing). This feature, set by a flag in the header of every message, determines whether the communication between the client and the DC is encrypted. By simply setting the value to 0, an attacker can turn this mechanism off and now he can send any messages without knowing the actual encryption key. This patch is not critical for the prevention of the vulnerability, since in order to be exploited, an authentication to the domain controller is required, which has been prevented by the first patch.</p><h2 dir="ltr" style="margin-right:0px;">Technical details</h2><p>The vulnerability was announced in a <a href=""><span lang="EN-GB">report published in September 2020 by Tom Tervoort, a security researcher</span></a> representing Secura. The report describes the flaws in the implementation of Netlogon Remote Protocol (MS-NRPC) encryption and the way in which it is possible to establish an authentication to a domain controller for any machine in the network, including the domain controller itself, with a simple brute force attack.</p><p>The MS-NRPC protocol is used in the AD environment for tasks related to the authentication of user and machine accounts. Most often, it is a matter of logging in to servers using the NTLM protocol, as well as changing the user password in the domain for example.</p><p>There is one thing peculiar about this protocol. And this is the fact that it does not use standard domain authentication mechanisms, such as Kerberos, but uses a different procedure instead. Simply put, for an authentication to be successful, the client and the server will exchange a set of random numbers (challenges) which they will combine with the user password hash, resulting in a common encryption key. Once the key generated by the client is identical to the key generated by the server, it is taken as a proof that the client knows the user's password and therefore, that it can be authenticated.</p><p>The issue lies in the manner in which the encryption key proving that the client knows its password is created. An AES<a href="/en/news/Pages/zerologon-kriticka-zranitelnost-windows-ad.aspx#_msocom_1">[ZN1]</a>  encryption is used to produce the key, but in a relatively obscure setting know as CFB-8, and in addition to it, also used in a wrong way, because it contains an initialisation vector with fixed value of 16 bytes of zeros (the initialisation vector is one of the primary mechanisms providing the proper functioning of this type of encryption, and it should be always a random number). Research has shown that this bug results in the fact that with the zero IV and for a randomly selected encryption key, the data containing only zeros will be encrypted as all zeros in one of about 256 cases (see the figure below).</p><p style="text-align:center;">   <img class="maxWidthImage" alt="Samsung zranitelnost" src="/cz/PublishingImages/news/2020/zerologon-01.png" data-themekey="#" style="margin:5px;width:650px;" /> </p><p style="text-align:justify;">The Zerologon vulnerability relies on this feature and bypasses the calculation of the client challenge required by the server to prove that the client knows the correct value of the encryption key calculated for this session. The value required by the server is calculated by encrypting the selected random number (which is chosen by the client in the previous authentication step) with an encryption key generated on the basis of both random numbers (from the client and the server). Therefore, due to the encryption flaw described above, it is possible to forge this answer, since in case the client selects its random key in the form of all zeros, the encrypted value will equal a chain of all zeros for 1 out of 256 encryption keys on average. Thus, it is sufficient for an attacker to repeat the log-in process approximately 256 times until this phenomenon occurs, resulting in a successful authentication and gaining the ability to perform actions on the user account, such as changing the password.</p><p style="text-align:justify;">In order to complete the attack successfully, it is necessary to exploit the second part of the vulnerability connected to RPC Signing and Sealing of messages. This feature determines whether the rest of the communication between the server and the client will be encrypted (using the encryption key obtained in the previous step), or if the communication will be unencrypted. However, the authentication handshake includes a header defined by the client allowing this feature to be disabled, thus enabling the attacker (not knowing the encryption key because the log in as such was executed with no knowledge of it by exploiting the first part of the Zerologon vulnerability) to send additional requests to the server without restriction and to continue doing so until the server is completely compromised by changing the password for the domain administrator.</p><p style="text-align:center;"> <img class="maxWidthImage" alt="Samsung zranitelnost" src="/cz/PublishingImages/news/2020/zerologon-02.jpg" data-themekey="#" style="margin:5px;width:650px;" /> </p> <h2>Patching the vulnerability</h2><p>To prevent the exploitation of the vulnerability, application of security patches to all Windows Servers version 2008 and later is required, according to the information available at <a href=""><span lang="EN-GB"></span></a>.</p><h3 style="margin:auto;text-align:justify;color:#262626;text-transform:none;line-height:1.4em;text-indent:0px;letter-spacing:normal;font-family:source-sans-pro, open-sans, sans-serif;font-size:14px;font-style:normal;font-weight:bold;word-spacing:0px;white-space:normal;orphans:2;widows:2;background-color:#ffffff;text-decoration-color:initial;text-decoration-style:initial;">Sources</h3><ul style="list-style:square;margin:0px;padding:0px 0px 0px 20px;text-align:justify;color:#696158;text-transform:none;text-indent:0px;letter-spacing:normal;font-family:source-sans-pro, open-sans, sans-serif;font-size:14px;font-style:normal;font-weight:400;word-spacing:0px;white-space:normal;orphans:2;widows:2;background-color:#ffffff;text-decoration-color:initial;text-decoration-style:initial;"><li> <a href="" target="_blank" style="color:#5c72b7;text-decoration:none;"></a></li><li> <a href="" target="_blank" style="color:#5c72b7;text-decoration:none;"></a></li><li> <a href="" target="_blank" style="color:#5c72b7;text-decoration:none;"></a></li><li> <a href="" target="_blank" style="color:#5c72b7;text-decoration:none;"></a></li><li> <a href="" target="_blank" style="color:#5c72b7;text-decoration:none;"></a></li><li> <a href="" target="_blank" style="color:#5c72b7;text-decoration:none;"></a></li><li> <a href="" target="_blank" style="color:#5c72b7;text-decoration:none;"></a></li><li> <a href="" target="_blank" style="color:#5c72b7;text-decoration:none;"></a></li></ul><p> </p><table width="390" style="border-width:0px;color:#696158;text-transform:none;text-indent:0px;letter-spacing:normal;font-family:source-sans-pro, open-sans, sans-serif;font-size:14px;font-style:normal;font-weight:400;word-spacing:0px;white-space:normal;border-collapse:collapse;orphans:2;widows:2;background-color:#ffffff;text-decoration-color:initial;text-decoration-style:initial;"><tbody><tr><td width="100" align="center" valign="middle"><img alt="Mikuláš Hrdlička, AEC" src="" data-themekey="#" style="margin:5px;border:currentcolor;width:100px;max-width:690px;" /></td><td width="290" align="left" valign="top"><p style="margin:0px 0px 10px;line-height:1.6;"><strong>Mikuláš Hrdlička</strong><br>Cyber Security Specialist<br>AEC a.s.</p><p style="margin:0px 0px 10px;line-height:1.6;"><img src="" data-themekey="#" alt="" style="margin:5px;border:currentcolor;width:150px;max-width:690px;" /> </p></td></tr></tbody></table>
New type of attack siphons money from ATMs. Financial institutions are implementing countermeasures type of attack siphons money from ATMs. Financial institutions are implementing countermeasures<p><strong><span lang="EN-GB" style="color:#696158;line-height:107%;font-family:source-sans-pro;font-size:10.5pt;"><strong>Financial institutions operating Diebold Nixdorf ATMs are facing new types of attacks. Tests conducted by AEC experts show that existing devices with an out-of-date system are unable to withstand an attack. Attacks on cashpoints, which are also widely used by banks in the Czech Republic and Slovakia, have recently been reported in many European countries.</strong></span></strong></p><p><strong><img src="/cz/PublishingImages/news/2020/SON00908.jpg" data-themekey="#" alt="" style="margin:5px;width:650px;" /></strong> </p><p> </p><p>A major Slovak financial institution asked specialists from AEC, a leading cyber security provider, to test its ATMs. It did so after Diebold Nixdorf, one of the largest ATM suppliers, responded to the attacks with official security warnings. One of the things it shows is that the ATM manufacturer is looking into how it is possible that the attackers were apparently able to eavesdrop on communications within the device on an out-of-date version of the ATM.</p><p>During testing, AEC carried out a step by step simulation of the attacker's activities. The latest incidents fall into a category called ATM jackpotting, where the attacker gets under the chosen device's cover. Here, with the help of their own, specially modified device, the attackers connect to the ATM's USB port and communicate directly with the dispenser, i.e. the device that issues cash from the ATM. Another type of attack tested was one in which the attacker connects to the ATM's USB port and then tries to increase his access rights to the level of administrator so that he can subsequently evade the restrictions for uploading his own code.</p><p><em><img src="/cz/PublishingImages/aec-people/SON00208.jpg" data-themekey="#" alt="" style="margin:5px;width:144px;height:187px;vertical-align:auto;float:left;" /><em>"We have verified that a person who knows where to look can get to the ATM's hidden USB port in a matter of seconds," </em>warns Tomáš Sláma, head of penetration testers at AEC, adding,<em> "The result was the finding that those ATMs that did not have updated firmware, are not sufficiently resistant to this type of attack, and can be used to illegally withdraw money."</em></em></p><p>According to Tomáš Sláma, this is the reason why every responsible bank should employ experts to regularly check its resistance to various types of vulnerabilities, just as one of the banking houses in Slovakia did in this case.</p><p>Since it was set up, AEC's ethical hackers have become leaders in the field of cyber security. Thanks to their extensive experience, knowledge and erudition, they can test the security system of any ATM, and therefore they are regularly approached by a number of the world's leading banking companies. The AEC team provides a comprehensive security audit. This is used to alert the client to vulnerabilities in the system of the device being tested and offer recommendations on how to give it better security settings, thus significantly reducing the risk of misuse.</p><p><em>"In this case, after testing their device, we unequivocally recommend that clients update the firmware," </em>says AEC's head of penetration testers, specifying,<em> "The update increases the level of security in the communication between the system that allows money to be released and the dispenser. After it is installed, the device no longer accepts the attacker's specious commands." </em></p><p><em> </em></p><p style="text-align:center;"><em></em> <a href="/cz/Documents/Files/2020/AEC_Leaflet_ATM-CZ-prev.pdf?" target="_blank"><img src="/cz/PublishingImages/news/2020/AEC_Leaflet_ATM-ENG-prev.jpg" data-themekey="#" alt="" style="margin:5px;width:278px;height:396px;" /></a> </p><div class="ms-rtestate-read ms-rte-wpbox"><div class="ms-rtestate-notify ms-rtestate-read da0989e0-b202-43cf-ada9-ff10944de212" id="div_da0989e0-b202-43cf-ada9-ff10944de212" unselectable="on"></div><div id="vid_da0989e0-b202-43cf-ada9-ff10944de212" unselectable="on" style="display:none;"></div></div><p style="text-align:center;"> </p>
AEC merger and new company identification number merger and new company identification number<p>​Let us inform you that as of June 25, 2020, the merger of AEC a.s., as the merging company, with AEC Group a.s., as the successor company, took place. On the same date, AEC Group a.s. changed its name to AEC a.s. and as the legal successor of the merged company AEC a.s. entered into all its rights and obligations.<br><br></p><h2>Current information about AEC a.s. are as follows:</h2><p> <strong>Company identification number: 04772148</strong> (instead of the original 26236176)<br> <strong>VAT number: CZ04772148</strong> (instead of the original CZ26236176)<br> <strong>ISDS (ID data box): 9kvkzi9</strong><br> <strong>The file number of the entry in the Commercial Register is now B 21326</strong><br> The company headquarter remains the same: Voctářova 2500/20a, Prague 8, 180 00</p><p>All original information, including telephone numbers and e-mail contacts, remain valid.<br><br></p><p>See the full contacts at: <a href="/en/contact"></a>.</p>
AEC knows how to find and fix security bugs in applications under development. With support of Checkmarx from Israel knows how to find and fix security bugs in applications under development. With support of Checkmarx from Israel<p style="text-align:justify;"><strong>EAC, a leading cybersecurity provider, entered into partnership with the leading developer of solutions for the analysis, identification and elimination of security risks in application software. Tools from Checkmarx, an Israeli company, are helping AEC's customers to efficiently reconcile functional and security requirements for their applications under development.</strong></p><p style="text-align:justify;">Online communication between enterprises and their customers by way of various computer, web or mobile applications has become an absolute standard nowadays. However, the effort to build one's own applications as a means to keep up with rapid progress, brings along several considerable risks.</p><p style="text-align:justify;">The management usually gives preference to business aspects of the application, i.e. its speed, cost-minimization and maximum user-friendliness, over its security. The reason behind is the fact that all these processes comprising testing and verifications are extremely complex and when executed directly by the programmers, the development of each application becomes excessively lengthy and expensive.</p><p style="text-align:justify;">AEC has been focusing on the provision of cyber security for a long time now. <strong>It can provide its customers with appropriate tools and processes in order not to slow down the development of the application in question, even after all necessary security standards have been introduced. </strong>The company's experts guide the customers through gradual changes in processes and definition of security requirements and checks in order to enable their efficient work on the development of applications and at the same time, to ensure the highest possible level of security.</p><p style="text-align:justify;"><img src="/cz/PublishingImages/aec-people/maroš-barabas-2018-1.jpg" data-themekey="#" alt="" style="margin:5px;width:150px;height:204px;vertical-align:auto;float:right;" />Checkmarx products are among the key tools significantly assisting them with the minimization of security risks for the developed application. "<em>We are happy, because thanks to our partnership with Checkmarx, </em><a href="/en/products-and-services/Pages/secure-development.aspx"><strong><em>we have gained access to unique tools significantly streamlining the security management during development</em></strong></a>," says Maroš Barabas, Head of Product Management in AEC.</p><p style="text-align:justify;">These tools developed by the Israeli company enable AEC experts to include the application source code security checks directly into the program development life cycle. This way, all potential security bugs in the code can be found and fixed immediately over the course of the application development, with no undue delays.</p><p style="text-align:justify;"><em>"AEC has an extensive background in cybersecurity</em><em> and DevSecOps</em><em>, making them a natural fit for the Checkmarx partner program,"</em> said Orit Shilvock, Director of EMEA Channels, Checkmarx. </p><p style="text-align:justify;"><em><img src="/cz/PublishingImages/illustration/Checkmarx-logo-2019-vertical.png" data-themekey="#" alt="" style="margin:5px;width:168px;height:131px;vertical-align:auto;float:left;" />"</em><em>As organizations in the Czech Republic and around the world work to address security gaps in the applications and software they develop, they're turning to testing tools that streamline and accelerate DevOps workflows and enable the development of a more secure final product. </em><em>We're excited to add AEC as an authorized reseller of Checkmarx products and anticipate a long, fruitful relationship as they support our services and solutions for years to come." </em>said Orit Shilvock.</p><p style="text-align:justify;">The most common way to develop a new application is the so-called in-house development, when a company is programming an entire application on its own. If it is done by means of outsourcing, the customer contracts a third party to have certain things programmed to measure and assumes only the role of an authority placing requirements. In both cases, however, it is also necessary to keep in mind that security requirements have to be included and checked during the delivery acceptance phase.</p><p style="text-align:justify;">Due to the fact that AEC experts combine application security methodologies and standards based on the customers' requirements and capabilities, they are able to provide the required quality and level of application security either at the customer's or in case of a third-party developer workforce. And on top of that, the application will be precisely checked in scope of the acceptation criteria by AEC penetration testers in the end and all potential bugs and weaknesses will be found. </p><p style="text-align:justify;">The fact that their developers will learn to work in a more secure way is then quite an appreciable bonus for any company. It can therefore be assumed that their future projects will be more secure starting from the design phase and the whole development cycle will become more efficient.</p><p style="text-align:justify;">And this is also one of the AEC objectives. "<em>We are helping our customer to be able to manage on his own. We teach him to define security requirements and how to incorporate these requirements into development. When we see that they need it, we will also provide them with appropriate training,</em>" concludes Maroš Barabas.</p>
AEC experts eliminate hackers with EDR technology surpassing traditional antiviruses experts eliminate hackers with EDR technology surpassing traditional antiviruses<p style="text-align:justify;"><strong>To defeat hackers, AEC is successfully using a sophisticated solution, efficiency of which significantly exceeds the capabilities of traditional antivirus programmes. Leading cyber security provider’s specialists have repeatedly deployed EDR technology during responses to recent attacks in financial institutions and medical facilities. With help of this technology, they promptly detected the attackers and subsequently prevented them from any further harmful activities.</strong></p><p style="text-align:justify;">The Endpoint Detection and Response (EDR) technology is featuring tools providing ways to identify a problem immediately including its correct assessment, to take a series of appropriate measures, and ultimately, to completely eliminate it. At AEC, a group of the most experienced people forming our Cyber Defense Center (CDC) is designated for the monitoring of systems of our customers and for immediate response in case of attacks.</p><p style="text-align:justify;">Karel John, Head of CDC describes a typical situation: <em>"Not so long ago, we had an urgent call from the Institute of Health Information and Statistics. There was a cyberattack under way in one the domestic medical facilities," </em>and he further specifies:<em> "One of their endpoints showed every evidence of malware presence, encryption was in process, files were being renamed literally under one's hands."</em><em>   </em> </p><p style="text-align:center;"> <img class="maxWidthImage" alt="Karel John" src="/cz/PublishingImages/news/2020/AEC_CDC_Karel_John.jpg" data-themekey="#" style="margin:5px;width:650px;" /> </p><p style="text-align:justify;">CDC members deployed an EDR tool and discovered very quickly, that the main issue was not this specific machine, but that the malware was coming through the network from one of the servers. Following on that, with help of other EDR functionalities, they tracked the code, identified the attacker's sources, and stopped him. In this case, the whole intervention took them only few hours. </p><p style="text-align:justify;">Shortly after that, their good job was recognized also by Adam Vojtěch, Minister of Health, who in his statement for AEC, the parent company, said: <em>"I would like to express many thanks in the name of the Ministry of Health. We really appreciate your approach and selflessness." </em>The minister accentuated the fact that due to the efforts of CDC specialists the consequences of the attack were removed in an extremely short time.</p><p style="text-align:justify;">However, according to Karel John, critical situations like this one need not occur at all. If the customer has an EDR solution installed including professional supervision, i.e. monitoring provided directly by CDC, the experts from the monitoring centre not only alert him to a potential issue in time, but in the event of an incident, they immediately switch to the state of emergency and apply appropriate measures. The combination of the implemented EDR together with expert supervision significantly reduces the time available to the attacker for trying to do anything.</p><p style="text-align:justify;">EDR technology arranges for the collection of information on activities at the customer's endpoint, thus enabling efficient evaluation of potential security threats. This is a part of the whole solution complex suitably complementing the security of the customer's system. Also due to the cases such as the attack on a medical facility mentioned above, more and more enterprises and institutions are interested in knowing how is it possible for CDC to manage what many others cannot do.</p><p style="text-align:justify;">The growing interest in the possibility of securing systems with EDR technology is one of the reasons why AEC has currently prepared a special webinar. In course of the presentation, company's experts will present a detailed anatomy breakdown of the recent attacks covered by media. The event, which will take place on Thursday, May 21 from 10 am for those <a href="/_layouts/15/FIXUPREDIRECT.ASPX?fbclid=IwAR2DW022kDjxM_Segwh4glJsp7Vaix3ass_5iGf8mRrLTgesqkWV_ttqNy4&WebId=c2e66a69-98ba-44b2-9c45-29be530f4c7c&TermSetId=f883c0d5-da01-4517-a46d-bb0f2322ac82&TermId=35c687c5-35e0-439a-88a5-54d72bd83248"><span lang="EN-GB" style="text-decoration:underline;">registered</span></a> on the AEC website, will include an introduction to the tools and techniques used in the interventions and an explanation of the principles and benefits of the monitoring provided by CDC.</p><p style="text-align:justify;"><em>"Sometimes it happens that a company gets an EDR implemented and then gains a feeling that it is 100% protected. Of course, this is not true. The key is a combination of the state-of-the-art technology and experienced people. Only professionals with expert know-how, including knowledge of the customer's environment, are able to stop the attacker quickly and correctly. For example in order to know that they are not limiting some of the customer's key functionalities by their intervention,"</em> concludes Karel John.</p>
By Opening a Picture in MMS, You May Give Access to Your Phone Data to an Attacker Opening a Picture in MMS, You May Give Access to Your Phone Data to an Attacker<p>​We have written several times already about the Android OS vulnerabilities that were found within the Google Zero project. And now, another serious vulnerability has been identified, which not only allows attackers to access SMS text messages, contacts, phone data, it can even give them complete control over a mobile device. This time, however, it is not a vulnerability in the Android operating system, but in the Quram library processing the image files. This library is predominantly used in Samsung mobile phones.</p><p style="text-align:center;"> <img class="maxWidthImage" alt="Samsung zranitelnost" src="/cz/PublishingImages/news/2020/samsung-zranitelnost.jpg" data-themekey="#" style="margin:5px;width:650px;" /> </p><p> The issue has been solved by the last update issued this May, which is already available for Samsung mobile phones. This vulnerability can be found under the code <strong>SVE-2020-16747</strong>, or possibly under <strong>NVD CVE-2020-8899</strong>. It has been classified as critical, with temporary evaluation level of <strong>CVSS 10.0</strong>, i.e. the top possible one.According to the official statement released by Samsung, only models with the Android operating system version 8 and up are vulnerable. However, researcher Mateusz Jurczyk, who discovered this vulnerability, proved by his testing that Samsung models released in 2014 and later, i.e. with an older version of Android, are also vulnerable.</p><p>The vulnerability discovered in the Quram library lies in the way in which certain image formats are decoded. If an attacker manages to compile a "malicious" image and it is opened on a vulnerable phone, he can gain access to all the data accessible to the very application, which opened the picture. Let's take an MMS channel attack as an example. This was also presented by the researcher and is considered to be the most likely form of attack. An attacker sends a special picture via an MMS message. Immediately after it is opened by the application for reading SMS messages, the attacker gains access to everything that can be accessed by the given application. Thus, in most cases, this includes SMS messages, contacts, call logs, storage, and others. It always depends on the specific application permissions. However, it cannot be ruled out that an attacker could gain even higher privileges in case the image is decoded by some other application.</p><p>In reality, such attack is not so simple. First, an attacker must figure out the layout of the address space, which is "protected" on Android against exploitation of vulnerabilities by ASLR (Address Space Layout Randomization). The Proof of Concept of this attack took almost 2 hours and it was necessary to send more than 100 MMS messages. However, it cannot be ruled out that other vectors of attack may appear, reducing the required number of MMS messages and, in addition to that, preventing any notifications of the incoming message to be seen by the user. This type of attack has not been published yet, however, theoretically, it is possible. </p><p><strong>Since the attack via the MMS channel is the most probable one, we recommend the following:</strong></p><ul><li>To disable "MMS auto-retrieve" in your Messages app.</li><li>To check the current OS Android version and, if need be, to install the patch with the fix as soon as possible.</li></ul> <br> <h3>Video Proof of Concept:</h3><center> <iframe width="560" height="315" src="" frameborder="0"></iframe></center> <br>  <p><strong>Please refer to: </strong></p><p>The original vulnerability report including the list of tested devices: <a href=""><span lang="EN-GB" style="text-decoration:underline;"></span></a></p><p>The attack Proof of Concept video: <a href=""><span lang="EN-GB" style="text-decoration:underline;"></span></a></p><p><a href=""><span lang="EN-GB" style="text-decoration:underline;"></span></a></p><p><a href=""><span lang="EN-GB" style="text-decoration:underline;"></span></a></p>
Free Codebashing Service Codebashing Service<p>​Here at AEC we have always been committed to putting our customers first. Through good times and bad times, we are here for you. In light of recent events, many organizations are shifting to “work from home” and more precisely to “develop from home” when it comes to software development teams. We understand that this may not be an easy transition, especially while striving to maintain your high-security standards.</p><p>AEC collaborating with Checkmarx, is here to help and enrich your development team in these times.</p><p>To help you keep your software as secure as possible during this challenging time, we are providing you with free access to AppSec Awareness solution – Codebashing (<a href="/cz/Documents/Files/2020/AEC-Codebashing-Datasheet.pdf" target="_blank"><span style="color:#6773b6;">see datasheet</span></a>). <br></p><table width="600" height="150" align="center" border="0" cellspacing="0" cellpadding="0"><tbody><tr align="center" valign="middle"><td width="10" align="center" bordercolor="#6773b6" valign="middle" bgcolor="#6773b6"><p> </p></td><td width="580" align="center" bordercolor="#6773b6" valign="middle" bgcolor="#6773b6"><p style="text-align:center;"> <span style="color:#ffffff;"><strong>CxCodebashing</strong> is a training and awareness solution that empowers security teams and development teams to create and sustain a software security culture that puts AppSec awareness in front of the developers, front-and-center! Through the use of communication tools, gamified training, competitive challenges and ongoing assessments, Codebashing helps organizations eliminate the introduction of vulnerabilities in the source code.</span></p></td><td width="10" align="center" bordercolor="#6773b6" valign="middle" bgcolor="#6773b6"><p> </p></td></tr></tbody></table><p> <br>Checkmarx and AEC are providing free access* to AppSec Awareness Solution for DevOps – Codebashing – for a limited time.<br></p><center> <iframe width="560" height="315" class="video" src="" frameborder="0"></iframe></center> <br> <h2> Benefits:</h2><ul><li> <strong>Fast and Easy To Start</strong></li><ul><li>Once you fill out the form, a Checkmarx/AEC representative will reach out within 24 hours and start the setup process.</li></ul><li> <strong>Developers Improve their Secure Coding Skills</strong></li><ul><li>Codebashing offers easy to use modules that cover common security vulnerabilities found in software like SQL Injections, Leftover Bug Code, Cross-site Request Forgery, and much more. The training is delivered in brief, gamified lessons designed to be both informative and fun.</li></ul><li> <strong>AppSec Managers Raise the Bar</strong></li><ul><li>Security that empowers developers to think and act securely in their day to day work. Organizations can engage their remote development teams to participate in:</li><li>Gamified Training to enhance your team’s security skills.</li><li>Baseline Assessments to understand your team’s secure coding competency.</li><li>Team Challenges to foster community and AppSec awareness while enhancing software security.</li></ul></ul> <br> <h2> Terms and Conditions:</h2><ul><li>One trial per company </li><li>Number of trial seats:</li><ul><li>Minimum 10 developers</li><li>Maximum 100 developers </li></ul><li>Offer expires May 31, 2020 </li><li>Not open to existing Codebashing customers</li><li>For this trial, we will exclude SSO integration support.</li></ul><div style="text-align:center;"> <img class="maxWidthImage" alt="languages and frameworks" src="/cz/PublishingImages/news/2020/codebsahing-lang-coverage.jpg" data-themekey="#" style="margin:5px;width:658px;" /> </div><div class="registrationForm shadowBack"><div class="ms-rtestate-read ms-rte-wpbox"><div class="ms-rtestate-notify ms-rtestate-read 9b21ed2b-33ee-42cc-87b8-398cfc97c25b" id="div_9b21ed2b-33ee-42cc-87b8-398cfc97c25b" unselectable="on"></div><div id="vid_9b21ed2b-33ee-42cc-87b8-398cfc97c25b" unselectable="on" style="display:none;"></div></div> <br> </div> <br> <p>Last day to get free access - May 31st.</p><p>With Codebashing, your developers can learn how to code securely at work or from home, improving the security and quality of your software. </p><p style="text-align:center;"> <img class="maxWidthImage" alt="Checkmarx Codebashing" src="/cz/PublishingImages/news/2020/screenshot-codebashing-dark.png" data-themekey="#" style="margin:5px;" /> </p><p> </p><h2>Contact:</h2><div align="left"><table style="width:320px;"><tbody><tr><td align="center" valign="middle" style="width:72px;"> <img alt="Lukáš Bláha" src="/cz/PublishingImages/aec-people/martin-fojtík-2019-01.png" data-themekey="#" style="margin:5px;width:75px;" /> </td><td width="250" align="left" valign="top"><p> <strong style="color:#6773b6;"> <span style="color:#6773b6;">Martin Fojtík</span></strong><br>Security Specialist<br>martin.fojtik[@] </p></td></tr></tbody></table></div>
AEC experts intervened in hospitals paralyzed by cyberattacks experts intervened in hospitals paralyzed by cyberattacks<p style="text-align:justify;">​<strong>​Computer systems in medical facilities in Brno and in Kosmonosy paralyzed by recent phishing and security attacks were restored with the help provided by AEC. Specialists working for the leading cyber security provider designed recovery procedures for the internal infrastructure of the compromised systems and recommended steps leading to a significant streamlining and acceleration of the recovery process.</strong></p><p style="text-align:justify;">Experts from AEC were called to the University Hospital in Brno immediately on the day following the detection of the incident. It was a typical phishing attack. Attackers from an organized international group used an infected message to attack the system. When the message was opened, the ransomware started spreading and encrypting individual workstations, servers etc., which resulted in the paralysis of the entire IT infrastructure.</p><p style="text-align:justify;"> <img alt="Matej Kačic" src="/cz/PublishingImages/aec-people/matej-kacic-2016-02.jpg" data-themekey="#" style="margin:5px;width:94px;float:left;" />„<em>“AEC was providing assistance under its mandate as a professional supervisor and adviser, the scope of which is, in this case, influenced by many factors, namely the ones set by the law,”</em> noted Matej Kačic, Head of Security Technologies Division in AEC and he specified it some more: <em>“Our task was to analyse the situation and to check whether the measures taken for the immediate rehabilitation of the system are correct from the safety and best practices point of view. Based on the findings, we then recommended how to streamline and speed up the individual procedures.”</em></p><p style="text-align:justify;">The hospital responded to the incident with immediate shut down of all stations and contacted the National Cyber and Information Security Agency. Upon arrival, agency experts fully disconnected one part of the network infrastructure and began working on forensic analyses. Summoned AEC specialists collaborated on the rescue and recovery of data in Brno with colleagues from their sister company AUTOCONT, which, the same as AEC, is a member of the ICT holding Aricoma Group.</p><p style="text-align:justify;">In reaction to the cyberattack at the University Hospital in Brno, the CyberSecurity Action Committee of the Ministry of Health was established. <em>"We at AEC immediately joined this programme, offering our professional services in areas such as forensic analysis, penetration testing, or protection against APT attacks and phishing campaigns,"</em> said Matej Kačic. Only a few days had passed since the establishment of the Action Committee, and the entire team, including the AEC experts, was on alert again. Yet another attack was lead on the computer network of a medical facility, this time at the Psychiatric Hospital in Kosmonosy near Mladá Boleslav.</p><p style="text-align:justify;">According to Matej Kačic, the Head of Security Technologies Division in AEC, the majority of Czech health care facilities suffer from deficiencies in preventive measures, which lowers their security. The use of flat infrastructure networks allowing the rapid spread of malware is quite typical, as well as incorrectly set up key processes, such as incorrect use of privileged administrator accounts. The consequences of an attack on this type of facility can be fatal.</p><h1>Media coverage</h1><table class="ms-rteTable-default" cellspacing="0" style="width:100%;"><tbody><tr class="ms-rteTableHeaderRow-default"><th class="ms-rteTableHeaderFirstCol-default" rowspan="1" colspan="1" style="width:50%;"><p>​Source</p></th><th class="ms-rteTableHeaderLastCol-default" rowspan="1" colspan="1" style="width:50%;"><p>​URL</p></th></tr><tr class="ms-rteTableOddRow-default"><th class="ms-rteTableFirstCol-default" rowspan="1" colspan="1" style="width:50%;"><p> <strong>Economia</strong></p></th><th class="ms-rteTableLastCol-default" rowspan="1" colspan="1" style="width:50%;"><p>​<a href=""></a></p></th></tr><tr class="ms-rteTableEvenRow-default"><td class="ms-rteTableFirstCol-default"><p> <strong>​Seznam news</strong></p></td><td class="ms-rteTableLastCol-default"><p>​<a href=""></a></p></td></tr><tr class="ms-rteTableOddRow-default"><td class="ms-rteTableFirstCol-default"><p> <strong>​Czech Radio</strong></p></td><td class="ms-rteTableLastCol-default"><p>​<a href=""></a></p></td></tr><tr class="ms-rteTableEvenRow-default"><td class="ms-rteTableFirstCol-default"><p> <strong>Letter of thanks of the Ministry of health of the Czech republic</strong></p></td><td class="ms-rteTableLastCol-default"><p> <a href=""></a></p></td></tr><tr class="ms-rteTableFooterRow-default"><td class="ms-rteTableFooterFirstCol-default"><p> <strong>​Our webinar</strong></p></td><td class="ms-rteTableFooterLastCol-default"><p>​<a href=""></a></p></td></tr></tbody></table> <br> <p style="text-align:justify;"> <img alt="Karel John" src="/cz/PublishingImages/aec-people/karel-john-2019-01.jpg" data-themekey="#" style="margin:5px;width:94px;height:125px;float:right;" /> “Situations such as the attacks on the University Hospital in Brno and the Psychiatric Hospital in Kosmonosy can be prevented, not only by training employees in cybersecurity awareness, but also by introducing continuous expert supervision and monitoring,” emphasized Karel John, Head of <strong><a href="/en/products-and-services/Pages/cdc.aspx" target="_blank">Cyber Defense Center in AEC</a></strong>. The next necessary step, according to him, is the correct backup of data: <em>"It is no exception that in the event of a major incident, all backups of the infected system may be completely deleted or encrypted, therefore they can no longer be restored to their original state."</em></p><p style="text-align:justify;">In the case of the attacked hospitals, the restoration of operation on all workstations is difficult and takes weeks. Thanks to the findings and recommendations provided by the staff from AEC and other teams, the most important systems of the affected infrastructures were able to start operating in relatively short time, which was recognized by Tomáš Bezouška, Cybersecurity Manager of the Ministry of Health of the Czech Republic: <em>“Great job! I would like to thank AEC for their generous help with removing the consequences of the cyberattack on the Psychiatric Hospital in Kosmonosy.”</em></p>
Employee Without IT Security Awareness Can Unleash Hell on the Company Without IT Security Awareness Can Unleash Hell on the Company<p><strong>Carelessness, slackness and poor knowledge demonstrated by employees are the most common causes of data leaks from company systems.</strong> <strong>Human factor is responsible for nine out of ten cases of all security incidents in cyberspace. Therefore, education in the field of IT security presents today a significant benefit not only for the further advancement of employee's career, but in the first place, for the company itself. AEC, a leading cybersecurity provider, comes through its AEC Security Academy with an affordable, sophisticated and effective employee training system.</strong></p><p>Affected institutions and companies usually have two things in common. A solid and costly security system with multi-level protection of their IT environment on the one hand, and employees with only slight knowledge on the other. Statistics show that up to 94% of all malware compromises are delivered through phishing. An inconspicuous e-mail, looking all trustworthy and urgent, appears in some employee's mailbox among new messages. All future operations in the company now depend on the correct reaction of a single person.</p><p><img src="/cz/PublishingImages/aec-people/maros-barabas-2019-01.jpg" data-themekey="#" alt="" style="margin:5px;width:190px;vertical-align:middle;float:left;" />"<em>An employee without sufficient awareness of cyberspace threats has no idea whatsoever, what a single reckless decision or omission can unleash. Cyberattack may totally paralyze the whole company,</em>" says Maroš Barabas, AEC Head of Product Management.</p><p>The solution to this situation is in fact neither complicated, nor expensive. It lies in an efficient employee training – a benefit with great added value for everyone involved. For an informed employee, it opens the door to future professional growth, and at the same time, it is a great asset for the enterprise itself. More importantly, the company is well protected as a result. It is also true, that a training is incomparably cheaper for the employer than providing other employee benefits, such as meal vouchers, insurance contributions or company cars.</p><p>E-learning, especially short and densely instructive video tutorials, has proven to be the perfect tool for educating employees on the topic of IT security. At present, AEC Security Academy offers 10 educational e-learning courses. Among the topics are mobile devices security, deletion of data, data on USB flash drives, passwords, safe behaviour in online networks, secure e-mail, or employees' reaction in course of an incident. Up-to-date and clearly arranged videos are available online, i.e. easily accessible at any time.</p><p>"<em>Each of our training procedures is aimed at making IT security an integral part of the company. Employees should take it for granted that they are the ones providing the crucial protection. We aim to incorporate this approach into their corporate culture so that it becomes completely automated,</em>" says Maroš Barabas.</p><p>It would be a mistake to assume that after people learn some elemental knowledge through e-learning, they are done once and for all. Over time, the information they learned has to be repeated and updated. </p><p>The best way to do it is by thematically centred newsletters, posters, games, infographics, competitions, various motivational challenges and, above all, experiences. When people link some information with emotions, they keep it in their heads much longer.</p><p>This is one of the reasons why AEC offers testing of the employees who have been trained as part of these courses. It takes place in the form of a sent out e-mail containing a tailor-made, completely harmless malware. All employees who open this "harmful" message, are automatically directed to further e-learning, to work on their vigilance and knowledge. Based on the testing results, AEC provides the rankings listing all participants' success, according to which the company can reward its people.</p><p>AEC Security Academy offers its trainings in Czech, Slovak and English as a turnkey delivery. This means, among other things, that the company has full control over the whole training procedure. Individual courses are always assigned by the company manager in charge. He is the one who, based on the resource materials provided and his knowledge of the corporate environment, defines the educational plan for the company, distributes the courses to the appropriate employees and divides them into batches.</p><p>As Maroš Barabas points out: "<em>The system of our courses is designed to be as accessible as possible and as efficient as possible at the same time. All materials, including relevant infographics, are prepared in accordance with the corporate culture familiar to the employees. Even the testing is provided as a tailor-made service and, if the company is interested, we provide the tools enabling them to do it on their own.</em>"</p><p>Although humans are oftentimes the weakest link in the protection of IT environment in a company, the cause of their failure is usually not lack of interest, but little knowledge. The whole point of the courses and other educational tools offered by AEC is to support those facing the dangers on the front line as effectively as possible, while on top of this, they can relatively simply, but fundamentally, protect their company from a possible disaster.</p><p style="text-align:right;"> </p>
Teach your employees how to work safely from home, we will give you a free course your employees how to work safely from home, we will give you a free course<p>While working from home employees access company data remotely using private or corporate devices. Apart from working in quarantine, they are also searching for various forms of distraction on the Internet. Whether they are downloading music, movies or just clicking on fake links with COVID-19, they represent threat to the employers' networks.</p><p>What is safe when you work remotely and what is the risk? Can one innocent download of an attachment from an e-mail compromise your company's security infrastructure?</p><p>We will answer these and other questions through our entertaining Security Academy e-learning platform. One of whose parts you can now check for free in a form of a video.</p><p>You can also download a free PDF file as well as presentation about safe work at: <a href=""> <span lang="EN-US" style="text-decoration:underline;"></span></a>.</p><center> <iframe width="560" height="315" src="" frameborder="0"></iframe></center><p> </p>
Security, the conference on cybersecurity, is changing its date, the conference on cybersecurity, is changing its date<strong>The conference Security 2020 will not take place as announced, i.e. from March 11th to 12th. Its organizers endeavour to prevent the risks associated with holding such a major international event at the time of acute spreading of the coronavirus infection. At present, AEC is intensively working on the negotiation of a substitute date, with September 2020 looking as the most probable. Agenda of the conference remains unchanged, all already purchased tickets remain valid and the new date will be specified well in advance.</strong><br><br>The organizer's decision to postpone the date of this largest independent domestic cybersecurity event was preceded by careful consideration of all circumstances and by repeated consultations with the event participants, partners and the responsible officials from the Ministry of Health of the Czech Republic.<br><br>It is easy to understand that companies are trying to protect their people and in the current situation, they are not recommending their participation in major events, with an international outreach on top of that. In addition, in case of the Security conference, these measures apply not only to the participants themselves, but also to the speakers.<br><br>"31 Czech and international speakers were scheduled to present at the conference," said Igor Čech, AEC Marketing Manager, and added: "The number of people who had to ask us for cancellation of their participation was continually growing. In past few days, these included four of the speakers and many dozen attendees."<br><br>For more than a week, the people from AEC company in charge of the event had been working with emergency plans in case a need would arise to radically change the way the conference was organized. They nimbly provided the necessary technology and equipment for potential telecasting transmission and started interacting with all interested parties.<br><br>More than 600 attendees attend the Security conference every year, and it turned out that many of them see this event as an opportunity to engage in meetings, exchange of experience and networking. A telecasting solution would deprive the conference exactly of this important aspect.<br><br>Behind the decision of the AEC crisis team to change the date of the 28th conference notwithstanding all logistic and other complications are both the aim to minimize the current risks associated with the spread of coronavirus infection, as well as their effort to maintain the unique character of one of the most interesting domestic get-togethers of IT professionals.<br><br>"Over the past few hours, I have been talking to many representatives from the participating companies. All of them regretted what is happening at the moment and at the same time, each of them appreciated our final decision to find a substitute date for the conference," said Igor Čech.<br><br>According to him, all agreed that both the speakers, as well as this year's main topics, i.e. Real-life security incidents and Cloud Security, are way too attractive for the conference Security 2020 to be done with by some halfway compromise solution.<br><br>
Vulnerability in Cisco Discovery Protocol in Cisco Discovery Protocol<p style="text-align:center;"> <img src="/cz/PublishingImages/news/2020/cisco-discovery-protocol-vulnerability.png" data-themekey="#" alt="" style="margin:5px;width:650px;" /> </p><p>We would like to inform our customers about several <strong style="color:#6773b6;"><span style="color:#6773b6;">critical vulnerabilities in Cisco Discovery Protocol</span></strong>, which an <strong style="color:#6773b6;"><span style="color:#6773b6;">unauthorized attacker</span></strong> attacker can misuse to perform either a <strong style="color:#6773b6;"><span style="color:#6773b6;">Remote Code Execution</span></strong> or a <strong style="color:#6773b6;"><span style="color:#6773b6;">Denial of Service</span></strong> type of attack. There are five of these vulnerabilities rated from <strong style="color:#6773b6;"><span style="color:#6773b6;">CVSS 7,4 až 8,8</span></strong>. You can see an identifier for each of the vulnerabilities including their CVSSv3 rating below.</p><table width="175" class="ms-rteTable-default" cellspacing="0" style="height:33px;"><tbody><tr><td class="ms-rteTable-default">CVE-2020-3120</td><td class="ms-rteTable-default">7,4</td></tr><tr><td class="ms-rteTable-default">CVE-2020-3119</td><td class="ms-rteTable-default">8,8</td></tr><tr><td class="ms-rteTable-default">CVE-2020-3118</td><td class="ms-rteTable-default">8,8</td></tr><tr><td class="ms-rteTable-default">CVE-2020-3111</td><td class="ms-rteTable-default">8,8</td></tr><tr><td class="ms-rteTable-default">CVE-2020-3110</td><td class="ms-rteTable-default">8,8</td></tr></tbody></table><p> Using specially created packets sent to a vulnerable device, an unauthenticated attacker can exploit the vulnerability and thus can achieve a remote code execution or denial of service. Since CDP is a protocol operating on the L2 level, this is the case when the attacker must be on the same broadcast domain as the vulnerable device (typically a guest Wi-Fi network). Examples of vulnerable devices are some routers, switches, IP phones, and IP cameras using the CDP protocol. A complete list of devices for each individual vulnerability can be found on the Cisco website in the Security Advisory section or by following the link listed at <a href="" target="_blank"></a>. </p><p> <strong style="color:#6773b6;"><span style="color:#6773b6;">Cisco Discovery Protocol is allowed in default settings on</span></strong> some of the Cisco devices, for example routers with Cisco IOS XR. </p><p>Cisco issued a <strong style="color:#6773b6;"> <span style="color:#6773b6;">security patch</span></strong> patch for the majority of vulnerable devices, or alternatively, a workaround can be used, as defined in the appropriate Security Advisory section.</p><p>To find out which systems in your network are vulnerable, we recommend <strong style="color:#6773b6;"> <span style="color:#6773b6;">executing a control scan for resistance against these vulnerabilities using the Tenable tools</span></strong> – the Advanced Scan policy can be used, and the systems can be scanned for these specific vulnerabilities only. You can find the plug-ins detecting these vulnerabilities <a href="" target="_blank">here</a>. We further recommend <strong style="color:#6773b6;"> <span style="color:#6773b6;">banning the CDP protocol</span></strong> on all your devices and <strong style="color:#6773b6;"> <span style="color:#6773b6;">performing a configuration audit and network components hardening</span></strong>. </p><p>Information sources:<br><a href="" target="_blank"></a><br><a href="" target="_blank"></a><br><a href="" target="_blank"></a><br><a href="" target="_blank"></a></p><p>  </p><h3>Contact:</h3><div align="left"><table width="300"><tbody><tr><td width="70" align="center" valign="middle"> <img alt="David Pecl, AEC" src="/cz/PublishingImages/aec-people/david-pecl-2018-02.jpg" data-themekey="#" style="margin:5px;width:68px;height:90px;" /> </td><td width="190" align="left" valign="top"> <strong style="color:#6773b6;"><span style="color:#6773b6;">David Pecl</span></strong><br>Senior Security Specialist<br>AEC a.s.<br><span style="color:#6773b6;"><br>david.pecl</span>[<span style="color:#6773b6;">@</span>]<span style="color:#6773b6;"></span></td></tr></tbody></table></div>
End of Support for the TLS 1.0 and TLS 1.1 Protocols of Support for the TLS 1.0 and TLS 1.1 Protocols<p>For quite some time now, we have been seeing gradual withdrawal from TLS 1.0 and TLS 1.1. During the celebration of the protocol's 20th anniversary, Microsoft, Google, Mozilla, and Apple announced their intention to <strong>stop supporting</strong> TLS1.0 and TLS 1.1 for the Edge, Chrome, Firefox, and Safari browsers <strong>in the first quarter of 2020</strong>. Naturally, end of support has not been announced only by the companies developing web browsers, but by others as well. These include for example Cisco, which announced the end of support for older TLS versions as of March 31, 2020.</p><p>The first version of the TLS (Transport Layer Security) protocol was introduced to the world in 1999, as the successor to the SSL protocol from 1996. At present, the most advanced version is TLS 1.3, the previous two being susceptible to great variety of attacks, such as BEAST or POODLE. One of the most important uses of TLS is its "connection" with http, giving us (simply put) https as a result.</p><p>The most commonly used version of TLS today is TLS 1.2 (see below). The main differences when compared to the older versions include, for example, MD5 / SHA1 in PRF replaced by SHA-256 or support of authenticated encryption for data modes. The third version of TLS is nothing new on this planet, its launch took place way back in 2008.</p><p>In 2018, Google made an announcement that only 0.5% of all HTTPS connections to the Chrome browser was established using the TLS 1.0 or TLS 1.1 protocol. In 2020, this ratio further decreased to 0.3%. Based on the data from August to September 2018, Mozilla could boast of 1.11% for TLS 1.0 and 0.09% for TLS 1.1. However, for the period of January to February 2020, we are getting as low as 0.26% for TLS 1.0 and 0.01% for TLS 1.1.</p><p><br> <img class="fullWidthImage" alt="TLS 1.0 a 1.1" src="/cz/PublishingImages/news/2020/aec-tls-graf.jpg" data-themekey="#" style="margin:5px;" /> </p> <p><strong>The above-mentioned declining ratios show that both protocols are being abandoned and their newer version dominate in vast majority of cases.</strong></p><p>However, in case a server is still supporting the said protocols, this fact can be exploited by an attacker who can use them instead of the newer versions. Therefore, disabling old protocols on the server is recommended, which may however prevent some browsers from connecting. This behaviour can be tested for example by a ssltest (<a href=""><span lang="EN-GB" style="text-decoration:underline;"></span></a>). <strong>Note that none of the modern browsers require an old TLS version.</strong></p><p>Administrators had a relatively long time to make the switch. However, if they have loitered until now, they have about a month to remedy this situation. Otherwise, starting from March, they would have to prepare for potential impacts, such the sites they are operating being unavailable.</p><p>Our recommendation is thus simple: check the TLS version on your servers as soon as possible and if needed, switch to a newer one. This said, we at AEC will of course be happy to assist you with the status analysis and risk mitigation.</p><p> <br></p><div align="right"><table style="width:320px;"><tbody><tr><td align="center" valign="middle" style="width:72px;"> <img alt="David Pecl" src="/cz/PublishingImages/aec-people/jakub-rubas-2018-02.jpg" data-themekey="#" style="margin:5px;width:75px;" /> </td><td width="250" align="left" valign="top"><p> <strong style="color:#6773b6;"> <span style="color:#6773b6;">Jakub Rubáš</span></strong><br>Security Specialist</p><p> <strong style="color:#6773b6;"> <span style="color:#6773b6;">AEC a.s.</span></strong><br>Security Technologies Division</p></td></tr></tbody></table></div>
We are testing the resistance of corporate systems to cyber-attacks in real life are testing the resistance of corporate systems to cyber-attacks in real life<p><strong><strong>We offers a service providing the testing of how the companies are resistant to ransomware attacks. This is the leading cyber security provider's response to the growing interest of the local businessmen and institutions in protection of their systems. This screening includes the current situation analysis together with a system resilience test, and a final report including recommendation of appropriate solutions.</strong></strong></p><p>We offer two packages:</p><blockquote dir="ltr" style="margin-right:0px;"><p>The first one includes a high-level audit of architecture, processes and real-life verification whether the company infrastructure is resistant to ransomware or not.</p><p>The other one consists of a three-month anti-phishing programme focusing on checking the employees' response to suspicious e-mails and a recommendation of further actions regarding their education, including the possibility of direct training using the AEC Security Academy product.</p></blockquote><p>Our <strong>Hacking Lab</strong>, a hub for our ethical hackers, which has been recently established as part of the Security Assessment Division at AEC, has been intensively involved in <a href="/en/news/Pages/test-yor-companys-immunity-against-ransomware-attack.aspx"><strong>detecting the corporate systems vulnerabilities to ransomware attacks</strong></a> as part of the rendered services. Hacking Lab experts are determining the level of security of the most state-of-the-art technologies available on the market by hacking them on purpose and searching for all their weaknesses.</p><p>"Testing the resistance of a corporate system includes endpoint security analysis and network infrastructure security analysis, " outlined <strong>Lukáš Bláha</strong>, Head of Hacking Lab. "As a follow-up activity, we check their actual condition in real-life by sending malicious software samples to a selected isolated computer while observing at which level are the existing technologies capable to detect or even to stop the attack, and thus to protect the company from becoming infected."</p><p>Then comes a turn for checks using specialized tools from various security technology manufacturers, and finally, proposal of recommendations regarding what needs to be improved sorted according to the cost-benefit scores. Meaning a list of what should be done as quickly as possible in order to bring the maximum effect for the company at the given time.</p><p>"We are aware that especially in the smaller companies the pressure for cost-efficiency of the provided technologies and services is quite high. Therefore, every time and for each one of them, we prepare a solution that will increase their security immediately, with a maximum possible effect, and for an affordable price," said the head of Hacking Lab.</p><p>According to Lukáš Bláha, attackers are becoming more and more interested in the Czech Republic and Slovakia, as shown by the attacks on the banking sector and the public institutions at the end of 2019. Phishing attacks are becoming increasingly sophisticated, and recognizing a fraudulent e-mail is getting harder and harder. All this while the truth is that the most common way the malicious software enters the corporate system is through a fraudulent e-mail.</p><p>"Phishing attacks are counting on the fact that human factor is usually the weakest link in the entire security system. And that is why we are telling the companies why and how to educate their staff in order to be able to recognize fraudulent e-mails and respond to them correctly. An educated and watchful user is actually the most basic and efficient way to protect the company data," concludes Lukáš Bláha the interview.</p><p style="text-align:center;"><a href="/cz/Documents/Files/2020/AEC_Phishing-LITE_ENG.pdf"><img src="/cz/PublishingImages/news/2020/AEC_Phishing-LITE_ENG.png" data-themekey="#" alt="" style="margin:5px;width:250px;height:353px;" /></a> </p>
Czech financial institutions were facing cyberattacks. Fatal damage was prevented by CDC experts financial institutions were facing cyberattacks. Fatal damage was prevented by CDC experts<p> <strong><strong>AEC Cyber Defense Center successfully eliminated phishing attacks on Czech financial institutions lead by hacking groups Cobalt Group and TA505. Our specialized cyber defence centre has been providing comprehensive, efficient, and at the same time affordable outsourcing services to large, medium, as well as small companies.</strong></strong></p><p>At the end of last year, our Cyber Defense Center (CDC)<strong> </strong>managed to detect and stop execution of several sophisticated attacks aimed at gaining access to accounts of the invaded local financial institutions and siphoning off the finances deposited there. </p><p>The centre subsequently provided reports on the attacks including the detailed indicators of compromise (IOCs) not only to the AEC clients and customers, but to other companies as well. "Usually, we offer these services exclusively to our clients. The reason for this exception was that any attack by hackers from the Cobalt Group, or TA505, respectively, could be fatal for the unprotected companies, " said Tomáš Filip, Head of CDC.</p><p>The companies' representatives acknowledged the decision and willingness of CDC to share the acquired data with deep gratitude and appreciated both the readiness and quality of the work done by the experts from the centre, as well as the provided reports as highly informative.</p><p>"In case of the hackers called Cobalt Group, the attack was executed by abusing accounts belonging to a local telephone operating company. These accounts were used for sending credible messages looking as a reminder for the payment of a fictitious invoice and after it was opened, the attacker was able to gain control of the infected computer and spread further over its network," stated Tomáš Filip.</p><p> <img src="/cz/PublishingImages/news/2020/20200125-cdc-event.jpg" data-themekey="#" alt="" style="margin:5px;width:650px;" /> </p><p>The attacked institution strived to solve the problem on its own but was getting itself into an increasingly arduous situation. At a critical moment, it asked CDC for help. It took less than two hours for the called up expert to uncover the attack and to identify the attacker. After implementing the appropriate tool, the CDC staff took over the activity, began to control every single attacker's step and in the end, eliminated all his efforts.</p><p>According to Tomáš Filip, the amount and intensity of the currently detected attacks is bad news for the local companies: "Incidents multiply by order, therefore, it is evident that the Czech Republic and the companies operating here have already become extraordinarily interesting and completely regular targets for these groups. And this was not the case, until recently." </p><p>According to him the problem lies in the fact that while the severity and increasing number of cyberattacks are fundamentally changing the environment in the Czech Republic, companies are still trying to brave the dangers with their own limited forces.</p><p>"Prevention in the form of active expert supervision is definitely worth the costs for the companies today. This way, the certainty that an attack shall be fended off right in the beginning is the greatest," pointed out Tomáš Filip, while adding that this was the exact scenario in case of the TA505 hacking group's attack on the client. He also added: "But by counting on the fact that you will be able to find a top-class expert on the market available to immediately dedicate his time to your company in the moment of dire straits, you are taking a great risk – either of failure, or that it will take longer than you can afford at such a critical moment." </p><p>CDC started to operate about half year ago as a competence centre in AEC, a company firmly established on the market. It aims to provide its clients with cyber protection by monitoring their system and real-time responses to any potential incidents. Over this time, the centre has managed to avert a number of attacks led on an increasing number of its clients as well as on the companies that became customers of the centre only after they were forced to make this decision due to circumstances.</p><p>"The key fact is that the highly efficient services provided by CDC are available at a reasonable price to everyone regardless of their situation, also due to its direct connection to the capacities provided by three divisions of the parent company AEC. The main advantage for our clients is that as soon as we spot any issue at one of our customers, we begin an intensive watch over everybody else with help of all available tools and data, be it current or acquired in the past," concluded Tomáš Filip, Head of CDC.</p><h2>CDC reporty Cobalt Group a TA505</h2><center><table width="90%" class="ms-rteTable-default" border="0" cellspacing="0"><tbody><tr><td class="ms-rteTable-default" style="width:50%;text-align:center;">​<a href="/cz/Documents/Files/CDC-Report-20191205-Cobalt.pdf" target="_blank"><img src="/cz/PublishingImages/news/2020/CDC-Report-20191205-Cobalt-small.jpg" data-themekey="#" alt="" style="margin:5px;width:250px;height:353px;" /></a></td><td class="ms-rteTable-default" style="width:50%;text-align:center;">​<a href="/cz/Documents/Files/CDC-Report-20191211-TA505.pdf" target="_blank"><img src="/cz/PublishingImages/news/2020/CDC-Report-20191211-TA505-small.jpg" data-themekey="#" alt="" style="margin:5px;width:250px;height:353px;" /></a></td></tr></tbody></table></center><p> </p>
Test your company’s immunity against ransomware attack your company’s immunity against ransomware attack<p>Massive ransomware attacks targeting businesses are happening all around the world. On average, every Czech company faces 640 attacks per week! Avoid becoming one of the victims and minimize the risks!<br></p><p><strong> <br></strong> </p><h2><strong>Our services include: </strong></h2><ul><li>High-level audit of the network architecture, endpoint security, and back-up processes.</li><li>Verification of the true state of your endpoint security as well as the security of the web and e-mail channels by sending ransomware samples.</li><li>Checks using specialized security tools.</li><li><p>Final report including proposed recommendations.<br><br></p></li></ul><p> <br>Contatc us for set up and activation.</p><div class="ms-rtestate-read ms-rte-wpbox"><div class="ms-rtestate-notify ms-rtestate-read 58852461-2f1a-4e6f-b711-d06c2b29871e" id="div_58852461-2f1a-4e6f-b711-d06c2b29871e" unselectable="on"></div><div id="vid_58852461-2f1a-4e6f-b711-d06c2b29871e" unselectable="on" style="display:none;"></div></div>
KKCG Launches Aricoma – Biggest Czech ICT Holding Launches Aricoma – Biggest Czech ICT Holding<p> <strong>The Aricoma Group, the biggest ICT holding in the Czech Republic, was introduced today by representatives of the KKCG investment group owned by entrepreneur Karel Komárek. Inspired by a mountain in the Peruvian Andes, Aricoma's name and logo stand for strength, ambition and power. The members of Aricoma Group include AUTOCONT, Cleverlance, CAD Studio, DataSpring and AEC. </strong></p><p>The establishment of the Aricoma holding is another step in the fulfillment of KKCG's plan to build a strong pan-European provider of ICT services. KKCG's overall business strategy aims to diversify risks and to promote both organic and inorganic growth in the gaming, information technology, energy, tourism and real estate sectors. Because ICT has become one of the most important pillars of the group's business in recent years, KKCG has now decided to bring together selected technology firms, which mainly specialize in solutions and services for the corporate sector, under the Aricoma Group. The portfolios of Aricoma companies cover the entire range of ICT services, from IT architecture design, infrastructure and cloud services, and the implementation of enterprise management applications, to the development of comprehensive proprietary software solutions and outsourcing. In addition, cybersecurity issues are the common denominator of all of the group's services. Aricoma has nearly two thousand employees, and it saw revenues last year in excess of 6.75 billion crowns.</p><p style="text-align:center;"> <img src="/cz/PublishingImages/news/2019/Aricoma-logo-edit.jpg" data-themekey="#" alt="" style="margin:5px;" /> </p><p>"When we entered information technologies in 2009, we knew that it was a high-potential business sector. Since then, our expectations have been more than fulfilled year after year," says Michal Tománek, KKCG's Investment Director responsible for ICT. According to Tománek, ICT currently offers excellent investment opportunities, mainly thanks to the globally growing complexity of ICT solutions and the consequent rise in demand for ICT services. In addition, ICT development is driven by the demise of traditional business models and the emergence of new approaches that rely on online interaction with clients. The growing ICT market and a lack of qualified experts provides an opportunity to offer top-quality services to companies that wish to move away from handling IT internally and seek outsourcing solutions. "In our opinion, the future lies in the ability to find excellent workers both at home and abroad, as well as in knowing how to retain the best of them. This alone will allow us to offer our customers sufficiently large and qualified professional teams," explains Tománek. </p><p>"The Aricoma Group is now facing two main tasks. The first consists of consolidating KKCG's activities and making them more visible on the Czech and Slovak IT markets, where we want to be the biggest provider of ICT services for the corporate sector. The Aricoma Group's main role is to be an umbrella brand, presenting the group externally, while promoting cooperation among the group's individual members, which will continue to operate independently under their own brands," comments CEO Milan Sameš, elaborating on Aricoma's vision, adding, "The other challenge the Aricoma Group faces is to become a platform for the Europe-wide expansion of KKCG's operations, because our ambition is to become a leading pan-European provider of ICT services. Our big advantage is the availability of equity that is not restricted by a fixed investment horizon. In other words, we have the time to choose the very best opportunities, to invest into them, and to develop them in a prosperous manner." According to Sameš, another strategic advantage is the global dimension of KKCG's business, as the group is currently active on markets that provide the highest growth potential.</p><p> "We believe that if Aricoma becomes a strong international provider of ICT services, it will prevent domestic IT experts and talents from seeking opportunities in other countries, which will, in turn, be conducive to the creation of innovative products and services in the Czech Republic. We want to expand in IT in the same way we have done over the past seven years in the gaming industry, where the SAZKA Group is now the biggest lottery group in Europe," adds Tománek.</p><table width="100%" class="ms-rteTable-default" cellspacing="0"><tbody><tr class="ms-rteTableEvenRow-default"><td class="ms-rteTableEvenCol-default" bgcolor="#6773b6" rowspan="1" colspan="1" style="width:50%;"> <span style="color:#ffffff;"><strong>Company</strong></span></td><td class="ms-rteTableOddCol-default" bgcolor="#6773b6" rowspan="1" colspan="1" style="width:50%;"> <span style="color:#ffffff;"><strong>Revenues in 2018</strong></span></td></tr><tr class="ms-rteTableOddRow-default"><td class="ms-rteTableEvenCol-default">​DataSpring</td><td class="ms-rteTableOddCol-default">CZK 110 million</td></tr><tr class="ms-rteTableEvenRow-default"><td class="ms-rteTableEvenCol-default">​Cleverlance a AEC</td><td class="ms-rteTableOddCol-default">​CZK 1,112 million </td></tr><tr class="ms-rteTableOddRow-default"><td class="ms-rteTableEvenCol-default">​AUTOCONT a CAD Studio</td><td class="ms-rteTableOddCol-default">​CZK 5,532 million</td></tr><tr class="ms-rteTableEvenRow-default"><td class="ms-rteTableEvenCol-default">​Total</td><td class="ms-rteTableOddCol-default">​CZK 6,752 million</td></tr></tbody></table> <p> <br>KKCG is an international investment group managing more than EUR 6 billion in book value of assets and employing about 6,000 employees. KKCG holds stakes in such corporations as MND Group, SAZKA Group, Aricoma Group, US Methanol, FISCHER Group, Conectart, SafeDX, Springtide Ventures, and others. KKCG operates in 18 countries worldwide.</p><p> </p><center> <iframe width="560" height="315" src="" frameborder="0"></iframe></center><p> </p>
AEC receives Cyber Security Award receives Cyber Security Award<p>AEC has received the Cyber Security Award 2019 from the Acquisition International Committee in the categories of Most Innovative Cyber Security Providers and Ethical Hacking Specialists of the Year. The Committee experts examined one year of their work and were evaluating the data collected for over three months. Only projects that actually had something to offer could thus pass through the imaginary sieve.<br></p><p><img src="/cz/PublishingImages/aec-people/maros-barabas-2016-02.jpg" data-themekey="#" alt="" style="margin:5px;width:113px;vertical-align:auto;float:left;" />The Most Innovative Cyber Security Providers Award was commented on by the Head of the Product Management, <strong>Maroš Barabas</strong>: “In the field of information security, we have been introducing innovations to our markets for almost thirty years. During that time, we have brought in several global brands. Together with selected clients, we create pilot incubators in which those clients help us to test and further develop new technologies. The cooperation is great and, thanks to it, many of our clients are a step ahead compared to conventional security standards. Cooperation and partnership in innovation bring about great results and constitute a part of our long-term strategy. That strategy also includes a balanced portfolio, long-term consulting services and the effort to support start-ups and innovative solutions.”</p><p><img src="/cz/PublishingImages/aec-people/lukas-blaha-2016-02.jpg" data-themekey="#" alt="" style="margin:5px;width:113px;vertical-align:auto;float:right;" />The Ethical Hacking Specialists of the Year Award was given to the Head of the Penetration Department of AEC, <strong>Lukáš Bláha</strong>. “The Pentester Department is the largest division of AEC. We have invested in the training of employees and, over the past six years, we have also executed large projects abroad. Our ethical hacking specialists have gained great prestige for example in Indonesia, Switzerland, Ireland, Belgium and elsewhere. However, we carry out most tests for foreign clients in the Czech Republic. We have extensive know-how based on long-standing experience. We are very flexible, effective and reliable, and we are not afraid of challenges. We deliver real quality to our clients. We greatly appreciate the award; I see it as an award for the entire team. I am proud that a relatively small Czech company can achieve such a success in a prestigious international competition,” he added.</p> <p> <em> <img alt="Cyber Security Award 2019" src="/cz/PublishingImages/news/2019/Cyber%20security%20award.jpg" data-themekey="#" style="margin:5px;width:650px;" /> <br></em></p><p> <br>  </p>
WhatsApp vulnerability vulnerability<p>​At the beginning of last week, a vulnerability in WhatsApp was publicly revealed which gave attackers a possibility to run malicious code on mobile devices that could allow leak of sensitive data. The vulnerability has already been removed in the app's newer versions, so the only protective measure required is to update to the latest version. </p><p>The attack exploited buffer overflow vulnerabilities. An attacker called to Whatsapp from an unknown telephone number using the VOIP protocol, which is used for this type of calls. During the ringing and connecting phase, the attacker sent specially modified SRTCP protocol packets that caused buffer overflow. Common SRTCP packet types are used to establish a secure connection between users. The buffer overflow then enabled the attacker to run its code in the memory where the application normally does not have access. Consequently, the attacker could gain access to the infected mobile device's data and steal it.  </p><p>From the user's point of view, the attack went through unnoticeably. Users did not have to accept the attacker's call since the attack took place already in the ringing phase. Once the malicious code was run, it deleted information about the missed call so the users did not realize they were being hacked. <br>The vulnerability was classified as critical since, among other reasons, it does not require user interaction or use of a higher-privilege account. According to the international scoring system CVSS v3.0, it is rated Critical with 9.8 points out of 10.  </p><p>All Whatsapp's vulnerable versions are listed on the website of the National Vulnerability Database under <a href="" target="_blank">CVE-2019-3568</a>, Android and iOS apps are listed below:</p><ul><li>WhatsApp for Android up to version v2.19.134 </li><li>WhatsApp Business for Android up to version </li><li>WhatsApp for iOS up to version v2.19.51 </li><li>WhatsApp Business for iOS up to version v2.19.51</li></ul>To avoid the vulnerability, please update your Whatsapp at least to the first higher version that is no longer vulnerable.
We have once again renewed the ISMS certification! have once again renewed the ISMS certification!<p>“We are happy to inform you that we have successfully defended our ISMS certification for yet another year. It is both an advert and obligation for us. By having a certified information security management system, we make it clear to our clients that we mean business about security. Not only in their own environments and implemented projects, but also internally,” summed up Jan Poduška, AEC's Head of Risk & Compliance Division.</p><p>We have obtained a certificate for compliance with the requirements of ISO/IEC 27001:2014 for the Czech and Slovak Republic. An ISMS can be defined as a documented management system aimed at ensuring an adequate level of information security within an organization in its information system and other processes. Our portfolio includes the design and implementation of information security management systems and other services related to the identification and evaluation of information risks.</p><p>We have held the certification since 2005, and so we have plenty of experience with it. Do you want to boast of your own ISMS? We will be happy to assist you at any stage of the certification process. Check out our services:</p><ul><li>preparation for certification and guidance through the certification process, </li><li>risk analysis, </li><li>definition and implementation of suitable measures to address identified risks, e.g., by preparing a security development strategy, </li><li>selection of a suitable solution, deployment analysis, and implementation of security technologies such as FW, DLP, SIEM, or document tagging, </li><li>penetration tests and information system audits, </li><li>design of security processes and preparation of documentation, </li><li>training, audits, and security tests according to security standards, including GDPR.</li></ul><p>More information about <span lang="EN-GB" style="line-height:115%;font-family:source-sans-pro;font-size:11pt;"><a href="/en/products-and-services/Pages/information-security-management-system.aspx"><span style="color:blue;line-height:115%;font-family:source-sans-pro;font-size:12pt;"><span style="text-decoration:underline;">ISMS certification</span></span></a></span> here.</p><table align="center" border="0" cellspacing="0" style="width:90%;height:200px;text-align:center;"><tbody><tr><td class="ms-rteTable-default" style="width:33.33%;"> <a href="/cz/PublishingImages/news/2019/AEC_ISMS_CQS_2019_cz.jpg" target="_blank">​ <img src="/cz/PublishingImages/news/2019/AEC_ISMS_CQS_2019_cz.jpg" data-themekey="#" alt="" style="margin:5px;width:120px;" /></a></td><td class="ms-rteTable-default" style="width:33.33%;"> <a href="/cz/PublishingImages/news/2019/AEC_ISMS_CQS_2019_en.jpg" target="_blank">​ <img src="/cz/PublishingImages/news/2019/AEC_ISMS_CQS_2019_en.jpg" data-themekey="#" alt="" style="margin:5px;width:120px;" /></a></td><td class="ms-rteTable-default" style="width:33.33%;">​​<a href="/cz/PublishingImages/news/2019/AEC_ISMS_IQNet_2019_en.jpg" target="_blank">​<img src="/cz/PublishingImages/news/2019/AEC_ISMS_IQNet_2019_en.jpg" data-themekey="#" alt="" style="margin:5px;width:120px;" /></a></td></tr></tbody></table><p style="text-align:center;"> </p>
The AEC Security Conference offered an unprecedented range of topics this year AEC Security Conference offered an unprecedented range of topics this year<p>The 27<sup>th</sup> Security 2019 international conference took place in Prague on the last day of February. As is tradition, the largest independent event of its kind in the Czech Republic was organized by AEC. A total of 22 talks on the topic of cybersecurity, divided into two parallel – technical and management – sections, were attended by a record number of 670 registered people. The defining feature of this year's event was the wide range of presented topics, that had one thing in common which was a high level of expertise and an emphasis on practical usability.</p><p>“There is no place for marketing-business presentations at the Security Conference,” said Tomáš Strýček, the CEO of AEC, adding, “We place emphasis on the practical usability of the contributions; the main goal of our event is a professional standard of the individual talks and maximum benefit for the participants.” According to the head of the organizing company, the conference programme was also built on case studies presented by the customer. “We are not afraid of presenting unsuccessful projects to show the risks and to be able to learn from the mistakes,” Strýček pointed out.</p><p> <img src="/cz/PublishingImages/news/2019/security-2019-030.jpg" data-themekey="#" alt="" style="margin:5px;width:650px;" /> </p><p>The contributions of nearly 30 security specialists from the Czech Republic, Slovakia, Greece, Austria, England, Israel, Finland and Germany included areas of fundamental principles of a systematic approach to addressing security in development, mobisle application security, or practical demonstrations of so-called ethical hacking. After all, the hacking tools ecosystem used by the American NSA hacker division presented by Lukáš Antala of AEC, the organizing company, was one of the most impressive among this year's presentations as voted by participants.</p><p> <img src="/cz/PublishingImages/news/2019/security-2019-049.jpg" data-themekey="#" alt="" style="margin:5px;width:650px;" /> </p><p>The talk presented by Jan Tomíšek of Rowan Legal on the topic of cloud security from a lawyer's point of view, including adequate contract setting, was also gripping. Another interesting contribution, this time on the topic of mobile banking runtime protection, was presented by Petr Dvořák, the CEO of Wultra. Dušan Petričko, a delegate from Slovenská spořitelna, presented a highly innovative approach to the question of how to grasp DevOps in terms of security, or rather the question of the possibility of using appropriate tools.</p><p>As in the previous year, the conference was attended by the Chairman of the Czech Pirate Party, Ivan Bartoš, this time with the topic of Security Operations Centre in state administration. In his presentation, he dealt with reserves and options for security solutions – state-level SOC, highlighting the issues regarding the alignment of legislative and security requirements. At the same time, he thematized the uncertainties regarding the possible transferability of existing experience between the commercial and public sectors.</p><p>Security 2019 also included a number of additional programmes, including panel discussions and workshops, accompanied by the popular test lab. AEC penetration testers were available to the participants, under whose guidance, within the Capture the Flag contest, those interested could test their knowledge in fulfilling the given tasks in the areas of hacking, cracking, cryptanalysis and finding information from open sources. Another accompanying event was the exhibition part of the Expo Hall Conference with stands of individual partners. A new feature of this year's conference was the presentation of the Best Exposition Award received by ESET.</p><p> <img src="/cz/PublishingImages/news/2019/security-2019-091.jpg" data-themekey="#" alt="" style="margin:5px;width:650px;" /> </p><p>“This year we witnessed another record attendance,” Tomáš Strýček commented on Security 2019. “We are, no doubt, excited to see a lot of interest, but even more than the number of participants we appreciate the growing quality of contributions, their thematic breadth and often the ability to capture further development and direction of individual ICT areas,” concluded AEC's Executive Director.</p><p> <img src="/cz/PublishingImages/news/2019/security-2019-014.jpg" data-themekey="#" alt="" style="margin:5px;width:650px;" /> <br> </p>
KKCG buys into AEC buys into AEC <p> <strong>Executives from the KKCG investment group and the owners of the Cleverlance Group signed an agreement today under which KKCG will buy majority stakes in AEC and Cleverlance Enterprise Solutions. The transaction paves the way for the establishment of a unique provider of ICT services that will operate under KKCG's management in the Czech Republic, with consolidated revenues in excess of CZK 5 billion, EBITDA over CZK 300 million, and more than 1,800 employees. The transaction is subject to merger clearance by the anti-monopoly authority. Until clearance has been obtained, Cleverlance Enterprise Solutions and AEC will act as an independent business entities.</strong></p><p> <em>"By acquiring majority stakes in AEC and Cleverlance Enterprise Solutions (CES), KKCG is pursuing its long-term strategy aimed at creating an ICT holding that will bring together specialized firms capable of offering clients a comprehensive portfolio of ICT products and services,"</em> said KKCG's Investment Director Michal Tománek in commenting on this year's first major ICT transaction on the Czech market. KKCG's involvement in the ICT sector began in 2017, when the group acquired a majority stake in AUTOCONT Holding, the largest independent provider of ICT services in the Czech Republic. The group's ICT portfolio also includes DataSpring and SafeDX data centers, Conectart, and startups acquired by the Springtide Ventures fund in the Czech Republic and Israel. <em>"Our goal is to develop the business of all of the companies in our portfolio. The main objectives include securing access to foreign markets and supporting the dynamic development of proprietary SW services and solutions. Most customers are undergoing digital transformation, a fact that provides a major opportunity for growth,"</em> explained Tománek.</p><p> <em>"We are happy to be a part of KKCG's ambitious plan to build an undertaking that will be the Central European leader in the segment of ICT and SW solutions. Already now, KKCG's technology pillar includes leading firms specializing in ICT services, HW and SW infrastructure, and cloud services. By adding AEC and Cleverlance Enterprise Solutions to its portfolio, KKCG will strengthen its position in the enterprise segment that focuses on application development and ICT security,"</em> revealed Jiří Bíba, CEO and Member of the Board of Directors at the Cleverlance Group. According to him, a positive role in negotiating the strategic partnership was played by the successful collaboration of KKCG's and the Cleverlance Group's experts two years ago when the Springtide Ventures fund bought into ThreatMark, a startup into which the Cleverlance Group had formerly made an angel investment. <em>"I am convinced that the partnership with KKCG is a step in the right direction that will usher Cleverlance into a new era of growth during which we will grow from a strong local firm into a major regional player, a strategic ICT partner to our customers and an employer of choice capable of offering new challenges for the professional development of our employees,"</em> explained Bíba.</p><p>AEC CEO Tomáš Strýček added, <em>"KKCG has been able to see the quality of our company's work during several domestic projects. Likewise, from our viewpoint, it was evident that security is given appropriate consideration. We hope that being a part of such a major group as KKCG will provide us with access to new foreign markets. To date, AEC has successfully completed reference projects in 28 countries around the world."</em></p><p>KKCG will purchase majority stakes in AEC and Cleverlance Enterprise Solutions (CES) from the Cleverlance Group for an undisclosed sum. The Cleverlance Group will retain a minority share in the joint venture, and its executives Jiří Bíba, Vít Urbanec, and Petr Štros will continue to take part in the management of CES. Likewise, minority shareholder Tomáš Strýček, will participate in the management of AEC. The management of the operations of KKCG's new ICT holding will be the responsibility of Milan Sameš. </p><p> <br> <strong>Cleverlance Group</strong><br>The Cleverlance Group brings together Czech IT companies providing consulting, solutions, and services with a focus on finance, telecommunications, utilities, and public administration. Members of the Cleverlance Group operate internationally and include Cleverlance Enterprise Solutions, AEC, TrustPort, CTS TRADE IT, and Cleverlance H2B.</p><p>With organic growth at an annual rate of 12-15%, the Cleverlance Group has made investments into such new products and technologies as ThreatMark, CleverBus, Multichannel Banking, People@Work, the CleverBSS telecommunications bundle, and CleverBin smart garbage containers. The Cleverlance Group is currently completing the initial implementations of virtual reality solutions and the Empeena empathic chatbot. </p><p> <strong>KKCG Investment Group </strong> <br>KKCG manages leading corporations with an aggregate book value in excess of EUR 5.2 billion. KKCG and companies owned by the group have more than 3,500 employees and conduct business in 19 countries in various parts of the world. KKCG holds stakes in such corporations as the MND Group, the SAZKA Group, US Methanol, the FISCHER Travel Group, and others. </p><p>KKCG companies conducting business in the information technology sector include AUTOCONT, Conectart, DataSpring, and SafeDX. AUTOCONT is the largest independent provider of ICT services in the Czech Republic. Conectart offers an all-inclusive portfolio of contact centers. DataSpring provides professional cloud and ICT services with a focus on data analysis and processing, business intelligence consulting, and proprietary software development. DataSpring operates a Tier III-certified data center. SafeDX is a joint venture of KKCG and the technology giant Foxconn, providing cloud services and ICT operations outsourcing using infrastructure located in the company's own data centers. Springtide Ventures is a venture capital fund specializing in the identification of high-potential startups. To date, Springtide Ventures has acquired stakes in the Israeli companies Bio-Nexus and SpotInst and in such Czech firms as cloud4com, Geewa, Techloop, and ThreatMark. KKCG's portfolio also includes Jazz Venture Partners, a Silicon Valley-based investment fund specializing in human enhancement and neuroscience technologies.<br></p>
AEC Is Now a 3 Star Check Point Partner Is Now a 3 Star Check Point Partner<p>AEC has deepened its long-term partnership with the Check Point company and has achieved the Certified Collaborative Support Provider status. In addition, AEC advanced to the 3-Star level partner within the Stars Program, which is the Check Point global partnership program.<br><br></p><h2>3 STARS PARTNER</h2><p>We have successfully achieved the “3 STARS PARTNER” certification awarded by the Check Point Software Technologies Ltd. company. We have demonstrated our successfully finished projects, outstanding expert knowledge, sufficient substitutability, well-working support, as well as the required number of technical and business certifications.</p><p>Advancing to the 3-Star level clears the way to easier and more flexible cooperation with the Check Point company in the Czech Republic. This steps also brings shorter sales cycles and increased technical support capacity to our customers.</p><p>Our team sees this partnership as an evidence of a job well-done and also as a commitment to all our customers and also to the Check Point company. Our specialists are available during support, migration, management, monitoring, and implementation of their security solutions.</p><p style="text-align:center;"> <img src="/cz/PublishingImages/news/2019/StarsPartnerLogo_3Stars.jpg" data-themekey="#" alt="" style="margin:5px;width:210px;" /> </p><h2>CERTIFIED COLLABORATIVE SUPPORT PROVIDER </h2><p>We have demonstrated high level of professionalism during realization of our projects and expert knowledge and sufficient personal resources when solving any occurring issues. The fact that we hold the “Check Point Collaborative Support Provider” status means that we can collaborate directly with the Check Point core support team, including the possibility to use their engineering teams at our customers’.</p> <p style="text-align:center;"> <img src="/cz/PublishingImages/news/2019/SpecializationsLogo_CCSP.jpg" data-themekey="#" alt="" style="margin:5px;width:200px;height:200px;" /> </p>
AEC regained the Quality Management System Certificate regained the Quality Management System Certificate<p>The AEC a.s. company successfully defended the ISO 9001:2015 Quality Management System certificate. The final report released by the Lloyds Register certification authority shows that the quality management system established in the company is an effective tool for its management, or for management of its processes, respectively, and is being improved on continuous basis.</p> <p style="text-align:center;">  <img class="maxWidthImage" alt="QMS UKAS" src="/cz/PublishingImages/news/2018/qms-logo-ukas.jpg" data-themekey="#" style="width:350px;height:245px;" /> </p><p>The AEC a.s. company successfully defended the ISO 9001:2015 Quality Management System certificate. The final report released by the Lloyds Register certification authority shows that the quality management system established in the company is an effective tool for its management, or for management of its processes, respectively, and is being improved on continuous basis.</p><p> <em>"In recent years, the AEC company has undergone significant changes, while the number of our employees rose considerably. To us, obtaining the certificate is a proof of the fact that we kept our unique know-how while the company was continuously growing. We do not perceive the applied quality system management principles as a bureaucratic duty but as a tool for efficient management and for increasing transparency of processes. We place great emphasis on quality of our services, as proven also by the other certificates we obtained. Our satisfied customers are also confirmation of the fact that this strategy is correct," </em>said Tomáš Strýček, the AEC company Executive Director.</p><p>The Quality Management System is described in the familiar series of ISO 9000 standards. These are the standards issued by the International Organization for Standardization (ISO). The ISO 9001:2015 standard then serves as the corner-stone for building of the entire system. It defines requirements for quality management systems in the companies that demonstrate their ability to consistently deliver products compliant with technical and legislative regulations and, at the same time, the products corresponding with the ever-changing customer requirements.</p><p> <a href="/cz/Documents/Files/aec-qms-2018-cz.pdf" target="_blank">QMS certifikát (CZ)</a><br><a href="/cz/Documents/Files/aec-qms-2018-en.pdf" target="_blank">QMS certifikát (EN)</a><br></p>
Our colleagues have won a forensic analysis competition colleagues have won a forensic analysis competition<p> Last week, we were invited to the RSA company event - Capture the Flag. This event took place in the Arrow ECS training room, and during an opening lecture, we listened to an introduction to the theory and marketing of the <a href="/en/products-and-services/Pages/nba.aspx">RSA NetWitness</a>product. The theory, as well as the following game, was presented and supervised by the genuine expert Miha Mesojedec <a href="/en/about-us#partners">from the RSA company</a>.</p><p style="text-align:center;"> <img src="/cz/PublishingImages/news/2018/rsa-capture-the-flag.jpg" data-themekey="#" alt="" style="margin:5px;" /> </p><p>Afterwards, we found ourselves directly in the centre of all action and the promised collecting of flags begun. The event participants divided into 4 teams tasked with resolving the given tasks through data analysis and investigation. The playing field was visualised as a world map, where every continent would contain one security incident and each country on the given continent held one task for the security threat to be investigated and clarified. The assignments were composed of tasks gradually growing from easier up to complex ones, which were evaluated by points depending on the forensic analysis difficulty. A 3-hour limit was set for resolution of all assigned tasks; we utilized it in full and successfully resolved all the assignments.</p><p>When the time limit was up, announcement of the competition winners followed. The RSA – Capture the Flag winning team was the one including our co-workers Lukáš Solil and Jakub Kouba.</p>
AEC obtained McAfee DLP Service Delivery Provider certification obtained McAfee DLP Service Delivery Provider certification<p> Our company has successfully achieved the “Service Delivery Provider – McAfee DLP” certification for the Czech and Slovak markets. Thus, instead of ordering mandatory foreign support (Professional Services) directly from the producer, AEC is now authorized to provide the services regarding McAfee DLP implementation and deployment locally.</p><p>This way, we can save our customers not only significant amount not of money, but also time. Our security specialists’ hourly rate is considerably lower when compared to the foreign McAfee technical experts. Moreover, there will be no additional costs related for example to travelling. And easier communication in Czech or Slovak language is an equally important benefit for our customers as well.</p><p>McAfee technologies have been part of our portfolio since the very foundation of our company. The first contract with AEC was signed as early as 1991, and that by John McAfee himself. In order to achieve the Service Delivery Provider status, we had to successfully pass the required number of technical certifications and to give evidence of formal requirements related to management of our projects.</p><p>With respect to change of the McAfee company business strategy, and the resulting reduction of its territorial representation, we are ready to continue with providing support of all security solutions for our corporate customers.</p><p> <img alt="Jan Rulíšek AEC" src="/cz/PublishingImages/news/2018/jan-rulisek-2018-02.jpg" data-themekey="#" style="margin:10px 20px 5px 15px;width:102px;vertical-align:auto;float:right;" /> <em>„We are very happy to achieve the Service Delivery Provider status with the McAfee company for the DLP product line. It is this way that AEC has proven its high technical expertise, professionalism, and its technical team experience. We are able to offer professional and experienced team of experts to our customers who strive to achieve maximum network security by using our services. At the same time, we are happy to support other McAfee partners implementing the DLP solution and we will offer them delivery of our Professional services for their projects,“</em> said Ing. Jan Rulíšek, AEC a.s. Sales Director.</p><p> </p> <p style="text-align:center;"> <img class="maxWidthImage" alt="McAfee" src="/cz/PublishingImages/news/2018/McAFEE_SERVICE_DELIVERY_PROVIDER_RGB.jpg" data-themekey="#" /> </p>
AEC regained the Information Security Management System Certificate. regained the Information Security Management System Certificate.<p>The AEC company successfully defended its compliance with the requirements defined by the ISO/IEC 27001:2014 standard, both for the Czech Republic and Slovakia. Thus, the company can continue to demonstrate the certified information security management system (ISMS).</p><p>Due to the information security area services in its portfolio, this certification is of key importance for AEC. The company's portfolio comprises not only the information security management system design and implementation as such, but other associated services as well. These are for instance identification and evaluation of information risks, definition and implementation of appropriate measures, design and implementation of technical security, penetration testing and information systems auditing, security procedures design and preparation of documentation, and security audits and screenings in compliance with the security norms and standards, including the often-mentioned GDPR topic.</p><p>Certification pursuant to ČSN ISO/IEC 27001:2014 is indispensable for our company. Not only is this certification virtually a dogma for us, due to the services we offer, but, more often than not, it is a necessary condition to be able to participate in many executed projects. This way, we guarantee to all our partners and customers that their data and sensitive information is safe with us and that we handle it in compliance with the information security principles.</p><p> </p><table align="center" cellspacing="0" style="width:90%;height:200px;text-align:center;"><tbody><tr><td class="ms-rteTable-default" style="width:33.33%;"> <a href="/cz/PublishingImages/news/2018/AEC_ISMS_CQS_2018_cz.jpg" target="_blank">​ <img src="/cz/PublishingImages/news/2018/AEC_ISMS_CQS_2018_cz.jpg" data-themekey="#" alt="" style="margin:5px;width:120px;" /></a></td><td class="ms-rteTable-default" style="width:33.33%;"> <a href="/cz/PublishingImages/news/2018/AEC_ISMS_CQS_2018_en.jpg" target="_blank">​ <img src="/cz/PublishingImages/news/2018/AEC_ISMS_CQS_2018_en.jpg" data-themekey="#" alt="" style="margin:5px;width:120px;" /></a></td><td class="ms-rteTable-default" style="width:33.33%;">​​<a href="/cz/PublishingImages/news/2018/AEC_ISMS_IQNet_2018_en.jpg" target="_blank">​<img src="/cz/PublishingImages/news/2018/AEC_ISMS_IQNet_2018_en.jpg" data-themekey="#" alt="" style="margin:5px;width:120px;" /></a></td></tr></tbody></table>
Success at the Security 2018 conference was mainly registered by case studies and foreign speakers at the Security 2018 conference was mainly registered by case studies and foreign speakers<p>​Thursday, 1 March, the 26th <a href="">Security 2018 Conference</a>, organized by the AEC IT security, was held in Prague. The conference brought together nearly 600 participants and 32 keynote speakers from across Europe. According to the final vote of the conference participants, in particular, it was the contributions in the technical part of the program and their specific practical focus that engaged attention this year. In the evaluation of individual performers, the visitors to the conference particularly appreciated the performances of foreign speakers, many of whom had attended a similar event in the Czech Republic for the first time.</p><p>The largest conference on cybersecurity in the Czech Republic, Security, organized by AEC, presented 32 main contributions from speakers from all over Europe this year. Among the individual performers were Tomáš Rosa of Reiffeisenbank, Tobias Schrödl, or Jan Tomíšek of Rowan Legal. Ivan Bartoš, Chairman of the Czech Pirate Party, and Miroslava Matoušová from the Office for Personal Data Protection also presented their contributions.</p><p> <img src="/cz/PublishingImages/news/2018/2018-03-01-tom416.jpg" data-themekey="#" alt="" style="margin:5px;width:300px;" /> <img src="/cz/PublishingImages/news/2018/2018-03-01-tom109.jpg" data-themekey="#" alt="" style="margin:5px;width:300px;" /><img src="/cz/PublishingImages/news/2018/2018-03-01-tom323.jpg" data-themekey="#" alt="" style="margin:5px;width:300px;" /> <img src="/cz/PublishingImages/news/2018/2018-03-01-tom174.jpg" data-themekey="#" alt="" style="margin:5px;width:300px;" /></p><p>In the evaluation of <a href="">thematic blocks</a>, the technically oriented parts of the conference were of the greatest interest: “Evolution of security threats” and “Specific cases of attacks”. As for the speeches in these blocks, the conference participants most appreciated their professional depth and specific focus. As regards the management part of the program, in particular, the block “85 days to GDPR” received a positive response.</p><p>The nature of the contributions has always been checked by a special program committee that oversees their strict independence and professional standing. The exact 568 registered visitors arrived At the conference.</p><p>AEC Chief Executive Tomáš Strýček adds to the whole event: <em>„We are glad that this year’s conference has also been a success for visitors. The fact that the participants have noticed an ever improving level, especially in the content part, is positive for us and therefore we are able to fulfil what we set out years ago. However, I feel that for a long time now our conference has not just been about speeches. It has become an important networking site where IT security professionals meet and exchange experience from their work.“</em></p> <p> <img src="/cz/PublishingImages/news/2018/2018-03-01-tom081.jpg" data-themekey="#" alt="" style="margin:5px;width:650px;" /> <br> </p>
Our Prague office has moved to a new address. Prague office has moved to a new address.<p>​We would like to announce that on the 5th of February 2018 we moved into our new office space at:<br><strong>Olbrachtova 9, Prague 4, Czech Republic</strong>.</p><p>You can find us very easily. We are located right above Subway Line C (Budějovická).</p><p> <img src="/cz/PublishingImages/news/2018/AEC-Olbrachtova.jpg" data-themekey="#" alt="" style="margin:5px;width:650px;" /> </p><p>As you have probably noticed, our team has grown significantly in the last few years. From a few employees we have grown into a strong and stable company with dozens of security specialists. The vast majority of the Prague office is made up of the Penetration Testing Team and the Sales Department. Although at our new location you can also meet colleagues from the Security Technologies or the Risk & Compliance Divisions.</p><p>You can contact us using our new phone number: +420 226 229 133. </p><p>We know you will enjoy it here as much as we do.</p><p>We look forward to your visit.</p><p> </p><p>See our contacts: <a href="/en/contact"></a>. <br></p>
AEC statement on Meltdown & Spectre vulnerabilities. statement on Meltdown & Spectre vulnerabilities.<p>During the last few weeks, the internet news and papers are being filled with information about the Meltdown and Spectre security defect. These two are hardware vulnerabilities, which, once again after some time, affect the general public all over the world.</p><h2>What is the problem about?</h2><p>Microprocessors, which are today an integral part of the daily life of each person or household, are the core of problem. The main names that are being mentioned in association with these vulnerabilities are Intel, AMD, or ARM. But this issue concerns also other companies with products based on similar technologies, such as nVidia graphic processors, A-chips in Apple mobile devices, or Snapdragon processors from the Qualcomm company. Theoretically, this issue thus concerns the major part of the computers, mobile phones, and data centers existing all over the world.</p><h2>More detailed view?</h2><p>Both these vulnerabilities differ on the principle, but both of them, simply put, enable access to that part of the processor memory, into which the process has, under normal circumstances, no proper authorizations.</p><p> <strong>Meltdown (Rogue Data Cache Load, CVE-2017-5754)</strong> is based on the situation, where a harmful process can gain access to the memories of operating system, processes, or virtual machines, which can be found in the same cloud. The main targets are the selected chips from the ARM family, but most of all, the great number of the x86 Intel microprocessors that contain a single memory, both for the processors, as well as for the system core. The attacker is thus able to access the operating system core memory, including the process, simply operating under an unprivileged user account. Of course, the processors contain security mechanisms checking any access to the protected area of the memory, but before there comes a turn for these instructions to happen, the content of the core is already loaded into the cache of the memory, where, with the right timing, it is freely accessible.</p><p> <strong>Spectre (CVE-2017-5753, CVE-2017-5715)</strong> is somewhat more global issue, impacting also the AMD processors and the other players named above. This vulnerability is resulting from the co-called code branch prediction technology, which is used by the processors in order to ensure their most efficient operation. Spectre is then divided into several variants, which are used by the attacking process in order to be able to access the restricted part of the cache. As opposed to Meltdown, the target is only the other processes’ memory, not the core of the system.</p><h2>Who is at fault?</h2><p>Although we could blame first and foremost the manufacturers of the processors, the answer to the question above is not so simple. In the past, the processors’ frequencies unambiguously determined their performance. But physical and technology limitations stood behind the fact that the manufacturers of the microprocessors started to develop diverse techniques optimizing the operation of the processor cores, processing the instruction chains, and calculations, all of it in the name of the microprocessor performance increase. Some of these techniques include for example the “out-of-order execution” allowing to execute calculation out of order, or methods for speculative executions and code branch predictions, which are trying to predict the correct sequence of the instructions inside the thread when the conditions are in place. Mostly technologies as these are behind the significant increase of the processors performance during the last few years; however, this positive effect occurred in exchange for the security deficiencies in their architectures, which surfaced fully only in the autumn of last year.</p><h2>Are my devices vulnerable?</h2><p>Until today, there are no attacks known, which would misuse the above-mentioned vulnerabilities. In order to keep it that way, there are no specific technical details available, apart from the already published articles.</p><p>You can test it yourself, whether your computer is protected against Meltdown or Spectre. Presence of the first of these vulnerabilities may be checked either by using the script issued by Microsoft few days ago, or by a free Spectre Meltdown CPU Checker application issued by the Ashampoo software company. A special web page of the Tencent's Xuanwu Lab Chinese security team can be used in order to check whether for example your internet browser is protected against Spectre.</p><p> <a href="" target="_blank"></a><br><a href="" target="_blank"></a><br><a href="" target="_blank"></a></p><table class="ms-rteTable-default" border="0" cellspacing="0" style="width:100%;"><tbody><tr><td class="ms-rteTable-default">​<img src="/cz/PublishingImages/news/2018/spectre-meltdown-cpu-checker.png" data-themekey="#" alt="" style="margin:5px;width:167px;height:170px;vertical-align:auto;float:right;" /></td><td class="ms-rteTable-default">​<img src="/cz/PublishingImages/news/2018/windows-powershell.png" data-themekey="#" alt="" style="margin:5px;width:254px;height:170px;vertical-align:auto;float:none;" /></td><td class="ms-rteTable-default">​<img src="/cz/PublishingImages/news/2018/spectre-vulnerability-check.png" data-themekey="#" alt="" style="margin:5px;width:193px;vertical-align:auto;float:left;" /></td></tr></tbody></table><p>   </p><h2>How to protect yourself?</h2><p>Since it is a hardware defect, its correction is very complicated. It is a threat to all operating systems – starting with desktop MS Windows, Linux, or Mac OS, up to mobile iOS, Android, or Windows Mobile. No matter if this issue affects the products of the previously mentioned manufacturers more or less, all of the microprocessors and operating systems manufacturers are recently, one by one, issuing security patches, which should serve as a software prevention of misuse of the Spectre and Meltdown vulnerabilities in the future.</p><h2>Consequences?</h2><p>Users should not, apart from compulsory updates and shutdowns of servers and cloud services, be significantly impacted by these problems. Security patches for Intel processors are still the great unknown, because their shared memory architecture requires a more complex correction on the operating system side. At present, this fact manifests itself in a form of lower performance during selected operations in Microsoft Windows 7 and 8.1 systems, and in some Linux distributions, namely in case of older processors. But this situation is not final because the developers are working intensively on optimization of their patches. Therefore, it is quite possible that in few weeks the situation will be stabilized and everything will be back on track. At least until the experts discover some other critical vulnerabilities, which will influence the world of information technologies once again.</p>
AEC statement on the KRACKs vulnerability statement on the KRACKs vulnerability<p>​<strong>In the past few years, we got used to the WPA2 standard providing secure Wi-Fi connection to the network. Yesterday, (October 16th, 2017), a discovered KRACKs vulnerability was published. Under certain circumstances, this vulnerability enables the Wi-Fi network to be compromised in a way that enables the attacker to read and forward communication. This vulnerability is an implementation attribute, i.e. it concerns the network cards and operation systems producers, while the WPA2 standard as such continues to remain secure.<br></strong></p><h2>Has the WPA2 standard been really broken?</h2><p>The WPA2 standard is based on a strong AES encryption working in a CCMP mode. Distribution of keys is processed through a “4way handshake“ cryptographic exchange protocol. Both above-mentioned principles have been formally verified and are considered to be secure. The KRACKs vulnerability does not breach the WPA2 standard security in any way, but it is pointing to its wrong implementation. The main issue being that the vulnerable devices include an incorrectly implemented status automaton processing of keys exchange. Due to this defect, it is possible to repeatedly re-send the key transmitted from the access point (AP) and as a result, the device will accept it and overwrite the original key. The situation is even worse when it comes to the Linux and Android systems using the wpa_supplicant Wi-Fi administration tool. These systems replace the original key by all-zeros, which significantly degrades the encryption system, resulting in the encryption to be processed only on basis of an initialization vector that may be acquired from the transmitted frame.</p><p>It is not possible to acquire the key to the operation deciphering or the network access through the KRACKs vulnerability. Thus, it is not possible to stop the vulnerability by changing the current password. In case the WPA2-enterprise mode is used, it is not possible either to obtain the authentication data nor to disrupt the authentication process. Authenticity of the workstation being connected and the access point authenticity are both retained. The secure channel for cryptographic exchange of keys will be also retained.</p><h2>What is it really about?</h2><p>In order for the Wi-Fi network to become compromised, it is essential for the attacker to be located within the reach of the access point and the workstation. Then, the Man-in-the-middle type of attack is launched (the attacker positions himself as a mediator in the communication). This is done by issuing a false access point with the same address as that of the real AP, but at a different frequency. As a next step, the workstation is reset to the false AP frequency through a special frame, then the exchange of keys takes place, and when the moment is right, the key designed for encryption and deciphering of the workstation communication is repeatedly re-sent.</p><h2>What will the attacker get out of it?</h2><p>The attacker is able to listen in and to forward communication, which, under certain conditions, enables him to take over the TCP connection providing him with the possibility to interfere with and modify the communication of application protocols, such as the website operation HTTP protocol. In case a secure HTTP protocol is utilized, the attacker is able to plant a false certificate or is able to switch the communication to an insecure connection.</p><h2>So, what does it mean in practice?</h2><p>In case the attacker carries out the attack through this vulnerability, all the data transferred through the unsecured protocols becomes visible to the attacker. And in case of the secured protocols, the road to their compromising is getting much easier. Sensitive company data or access to internet banking can be the goal of the attacker. Simply put, after the attack has been carried out successfully, we lost the first line of defense.</p><h2>Which devices are vulnerable?</h2><p>All systems utilizing the wpa_supplicant Linux tool as a basis of the Wi-Fi subsystem are vulnerable. I.e. this covers all Linux distributions, OS X, MacOS, and 31% of Android systems. The iOS and Microsoft Windows systems are less vulnerable, which makes it impossible to launch the attack to such extent. The attacker would be able to get data from some system protocols working on broadcast principle only.</p><p>To repair the vulnerability, a new variable to the status automaton processing the 4-way handshake has to be added. Thus, it is very easy to repair it. The Microsoft company and the Debian Linux distribution have announced the repair of this vulnerability on the 10<sup>th</sup>, or 16<sup>th</sup> October, respectively.</p><p>But there is no easy way or tool to find out if the given device, or an operation system, respectively, is still vulnerable, at present. </p><h2>What we recommend?</h2><p>Until the device and operation systems producers repair the defect, we recommend to always use a VPN connection when on the Wi-Fi network. For enterprise customers, we recommend enforcing connection through VPN by central security policies, based on the actually utilized technology. All other security provisions, such as utilization of HTTPs for communication on the website, can be bypassed.</p><p>How to protect yourself further from the KRACKs vulnerability? Follow your device producer’s website in order to find out if the security patch has been released. Update!<br></p>
AEC is professional guarantor of the Secondary School Competition of the Czech Republic in cyber security. is professional guarantor of the Secondary School Competition of the Czech Republic in cyber security.<p>The first year of national competition in cyber security designed for secondary school students was organised by AFCEA Cyber Security Work Team in cooperation with a number of government, academic and professional partners, including the AEC.</p><p>The competition was divided into three rounds. The difficulty and complexity of the question and tasks increased in each round. The first round took place on-line at the turn of November/December 2016 and contained 15 more or less general questions from five areas of cyber security; the second round, which was also realised on-line in March 2017 comprised 10 practical tasks. Within the framework of the third round – final with obligatory attendance – was organised on 1st June 2017 in Brno within the framework of the International Defence and Security Technologies Fair IDET 2017, the 30 best competitors solved six complex team tasks for which they were given a solution time limit.</p><p> <img src="/cz/PublishingImages/news/2017/stredoskolska-soutez-2017-1.jpg" data-themekey="#" alt="" style="margin:5px;width:650px;" /> </p><p>The first round of the competition was entered by almost 1,100 students from 162 different secondary schools, 286 students measured their skills in the second round and the 30 best students entered the final round.</p><p>Candidates for the Czech National Team destined to participate in the European finals were selected in the final round. Their qualifications were confirmed at the summer camp in the Cyber Polygon of Masaryk University in Brno in June 2017.</p><p>The executive guarantor of the cyber competition was the Work Team of the Czech Branch of the AFCEA (Armed Forces Communication & Electronics Association).The major professional guarantors were the National Security Authority of the Czech Republic (NSA) and the National Centre for Cyber Security (NCCS).Other professional guarantors were, for example, the Ministry of Interior of the Czech Republic, Ministry of Labour and Social Affairs, Czech technical University in Prague, University of Defence of the Czech Republic, Police Academy of the Czech Republic, Masaryk University, Brno University of Technology and others. AEC prepared a set of questions especially from the area of ethical hacking for the second and final rounds.</p><p> </p><p> <img src="/cz/PublishingImages/news/2017/stredoskolska-soutez-2017-2.jpg" data-themekey="#" alt="" style="margin:5px;" /> </p><p>AEC counts on future support for this excellent project. It also offers support to the selected successful students in their studies and a possibility for co-operation in real security projects.</p>
Springtide Ventures and Rockaway invest into the Czech Startup ThreatMark. Ventures and Rockaway invest into the Czech Startup ThreatMark.<p> <a href="">ThreatMark s.r.o., </a> <img alt="threatmark" src="/cz/PublishingImages/news/2017/threatmark.png" data-themekey="#" style="margin:10px 20px 5px 15px;width:150px;vertical-align:auto;float:left;" />a company that has developed a solution for mobile and web-based applications that provides effective protection against fraud and cyberattacks, has attracted two leading domestic investors. The Springtide Ventures Fund from the KKCG Group and the Rockaway Ventures Division of the Rockaway Investment Group have acquired a 32.2% stake in ThreatMark.</p><p>The two investors intend to provide ThreatMark not only with financial backing, but also with know-how, and take part in the company's management and assist it with market entry in other European countries as well as in the U.S. and Asia.</p><p>ThreatMark was established in Brno two years ago as a laboratory specializing in the development of solutions for cybersecurity and protection against online fraud. The company's products are the response to the insufficient security of online applications and, more importantly, the fact that the security of their users continues to be neglected. Apart from developing proprietary security solutions, ThreatMark conducts research into malware detection, artificial intelligence, and behavioral biometry, and applies the results of its research activities into the production environment, banking systems in particular.</p><p>Thanks to its robust nature, the system developed by ThreatMark is able to compete with established brands on the fraud detection market. The unique features and the company's innovative approach to rapid integration helps to gain competitive advantage. ThreatMark's solution processes hundreds of parameters that define clients' actions when opening a new account online, during the logon process, and also helps to protect users during their interaction with the applications. It analyzes hundreds of connection, device and session parameters and measures the interaction of the users with the device and the application. This in combination with action context and transaction content analysis is used to predict high-risk operations, detect hacker attacks against payment systems, and prevent unauthorized access to online accounts in mobile and web-based applications. The solution also allows banks to comply with the legal requirements under the PSD2 directive.</p><p>ThreatMark currently operates in the Czech Republic, Poland, Slovakia, and the United Kingdom.</p><p>During its beginnings, ThreatMark was assisted by the Cleverlance Group, a Czech IT corporation that acted as a seed investor, and provided ThreatMark with the necessary starting capital and access to the Czech and Slovak markets through its subsidiary AEC, a.s. AEC acted as ThreatMark's system integrator and brokered contacts to its established clients in the financial sector. Cleverlance will continue to hold an ownership interest in the company.</p><p> <em>"ThreatMark has developed a system that very effectively detects the entire spectrum of fraud and current attacks against online applications. Thanks to its robust nature, the product is able to compete with established brands on the fraud detection market, and the company's innovative approach facilitates fast integration into existing IT systems," </em>explained AEC's CEO and ThreatMark's co-founder Tomáš Strýček.</p><p>By acquiring a stake in this Czech startup, Springtide Ventures has demonstrated adherence to its strategy of investing into Central European and Israeli companies with a potential to operate on the global scale and succeed on advanced markets, particularly in Europe and in the U.S. As in other projects, the fund plans to take advantage of its strengths: the KKCG Group's size and resources, effective management system, IT expertise, base of operations in the heart of Europe, and experience with expansion to global markets.</p><p> <em>"We find ThreatMark attractive because of its products and the market it targets. The number of attacks against services that require online login grows every year in terms of their frequency, extent, and seriousness. For instance, while as much as 200 million dollars was stolen from online accounts in the United Kingdom alone in 2014, the sum grew by another 25% one year later. At the same time, a significant portion of attacks remain undetected for a long time, in part due to their increasingly sophisticated nature,"</em> said Executive Director of Springtide Ventures Marek Jablonský. </p><p> <em>"For most startups, venture capital is the holy grail. We've succeeded in reaching this milestone, thanks to the hard work and expertise of the entire ThreatMark team. The new capital as well as the extensive experience of our partners will allow us not only to accelerate the development of our product, but also, and more importantly, to boost business activities on foreign markets," </em>added Michal Tresner, Executive Director and one of the founders of ThreatMark.</p><p>For the Rockaway Investment Group, the transaction adds another company to the startup portfolio of the Rockaway Ventures Division. The decision to buy into ThreatMark was based on the company's team of technology experts and unique solution with high global scaling potential.The transaction has been overseen by Andrea Lauren, a Rockaway Instrument Partner and fintech specialist who has recently joined the group's management. </p><p> </p><p> <strong>Springtide Ventures</strong><img alt="springtide" src="/cz/PublishingImages/news/2017/springtide.png" data-themekey="#" style="margin:10px 20px 5px 15px;width:150px;vertical-align:auto;float:right;" /></p><p>Springtide Ventures is an investment fund specializing in companies with global ambitions whose products and services are based on or closely related to information technologies (IT), mainly in such areas as digital marketing, geoinformation systems, online gaming, cloud infrastructure, cybersecurity, and big data. To date, Springtide Ventures has invested into six Czech and Israeli companies. In the forthcoming years, the fund plans to invest to the tune of EUR 40-60 million.<br></p><p> <strong>KKCG Investment Group</strong><img alt="kkcg" src="/cz/PublishingImages/news/2017/KKCG.jpg" data-themekey="#" style="margin:10px 20px 5px 15px;width:150px;vertical-align:auto;float:right;" /></p><p>KKCG is an international investment group with assets worth EUR 2 billion and more than 2,500 employees. The group's long-term investment strategy focuses on crude oil and natural gas production, lotteries, tourism, and investments into new technologies. KKCG holds stakes in more than 25 Czech and foreign corporations, including MND Group, SAZKA Group, DataSpring, SafeDX, VÍTKOVICE, FISCHER Travel Group, and others. KKCG operates in 10 countries worldwide.<br></p><p> <strong>Rockaway Capital Investment Group</strong><img alt="rockaway" src="/cz/PublishingImages/news/2017/Rockaway.png" data-themekey="#" style="margin:10px 20px 5px 15px;width:150px;vertical-align:auto;float:right;" /></p><p> <br>The vision of Rockaway Capital is centered on building Internet-based economy through value added. Rockaway currently follows two main investment strategies. The first one consists of buying into regional companies with a strong position and a proven business model, including the likes of Invia, Heureka, Chytrý Honza, or Mall Group, which operate on 15 European markets. The second strategy consists of providing backing to technology startups with global ambitions through the Rockaway Ventures Division. Rockaway is headed by Jakub Havrlant who founded the group in 2013 to pursue his investment activities. <br></p><p> <strong>Cleverlance Group</strong><img alt="cleverlance" src="/cz/PublishingImages/news/2017/cleverlance.png" data-themekey="#" style="margin:10px 20px 5px 15px;width:150px;vertical-align:auto;float:right;" /></p><p>The Cleverlance Group brings together Czech IT companies that operate on the international level in providing consulting, solutions, and services with a focus on finance, telecommunications, utilities, and public administration. The group includes Cleverlance Enterprise Solutions, AEC, TrustPort, CTS TRADE IT, and Cleverlance H2B. The business of Cleverlance Enterprise Solutions centers on supporting business processes and offering innovative services through the implementation of effective SW solutions.<br></p><p> <strong>AEC</strong><img alt="aec" src="/cz/PublishingImages/news/2017/aec.png" data-themekey="#" style="margin:10px 20px 5px 15px;width:120px;vertical-align:auto;float:right;" /></p><p>Since its establishment in 1991, AEC has been one of the leading Czech providers of products and services for data and information security. AEC offers security solutions produced by such global leaders as Check Point, RSA, Tenable, McAfee, FireEye, Forcepoint, IBM, and Kaspersky. The company's portfolio of information security services includes risk analytics, penetration tests, implementation of security processes, and other specialized services. AEC has been a member of the Cleverlance Group since 2008.</p>
AEC helps in the battle against cyber bullying in schools. helps in the battle against cyber bullying in schools.<p>Marian Němec, IT Security Consultant AEC, addressed the third year of the Safe School Conference, which took place on 25th May 2017 in the premises of the National Technical Library in Prague.</p><p>The space of the Balling Hall was sold out a month ahead of time; 255 participants attended the professional conference, especially from the ranks of the headmasters of schools from all levels and the professional public. The patrons were Milan Chovanec, Minister of the Interior of the Czech Republic, Mgr. Jana Vildumetzová, Chairperson of the Association of Regions of the Czech Republic, Mgr. František Lukl, MPA, Chairperson of the Union of Towns and Municipalities of the Czech Republic, Ing. Jaroslava Pokorná Jermanová, Hetman of the Central Bohemia Region and Mgr. Tomáš Zatloukal, Central School Inspector – Czech School Inspectorate.</p><p>Marian acquainted the attendees with the details of a brutal cyber bullying case from 2016 in which a female primary school student was bullied via Facebook. Together with our colleague, this panel was also addressed, for example, Mgr. Václav Klaus Jr.</p><p> <img src="/cz/PublishingImages/news/2017/bezpecna-skola-2017-1.jpg" data-themekey="#" alt="" style="margin:5px;width:650px;" /> </p><p>The video collection of the individual lectures is available at the conference website: <a href="" target="_blank"></a><br>Final press release: <a href="" target="_blank"></a> </p><p> <img src="/cz/PublishingImages/news/2017/bezpecna-skola-2017-3.jpg" data-themekey="#" alt="" style="margin:5px;width:650px;" /> </p><p> <img src="/cz/PublishingImages/news/2017/bezpecna-skola-2017-5.jpg" data-themekey="#" alt="" style="margin:5px;width:650px;" /> <br> <img src="/cz/PublishingImages/news/2017/bezpecna-skola-2017-2.jpg" data-themekey="#" alt="" style="margin:5px;width:650px;" /> </p>
Jubilee 25th Anniversary of the SECURITY Conference 25th Anniversary of the SECURITY Conference<p>On Thursday, 23rd February, the 25th year of the <a href="">SECURITY Conference</a> took place in Prague’s Congress Hotel Clarion. This year, this traditional meeting attracted almost 650 security managers and auditors from the entire Czech Republic and the Slovak Republic. It is only with difficulty that you can find a similar event in our territory that is focused on information security with such a tradition, attendance and character.</p><p>SECURITY 2017 was again divided into the management and technical sections. The lectures in both halls were wholly synchronous and each visitor had the opportunity to arbitrarily move from one hall to the other and compile an own programme from the presentations, which corresponded to his interests. The AEC organisers at the conference annually open especially current and timeless topics. This year, the major topics were the problems of GDPR (Management Hall), Ransom ware and Internet of Things (Technical Hall).</p><p> <img src="/cz/PublishingImages/news/2017/konference-security-2017-02-23-tom0048.jpg" data-themekey="#" alt="" style="margin:5px;width:650px;" /> </p><p>An autonomous programme committee strictly supervises the quality of the individual papers. Commercial product presentations have no place at the conference. Emphasis is placed on the high professionalism and independence of the individual lectures. And naturally on the practical benefits to the individual attendees. While leading foreign specialists were mainly invited to last year’s conference, this year’s afternoon programme comprised the case studies of realised domestic security projects.</p><p>Based on a vote by the attendees, the most highly appreciated lecture was delivered by Senior IT Security Consultant Ing. Martin Klubal of AEC that organised the event. In his presentation titled “ATM Hacking in practice”, he demonstrated how easily and by what methods it is possible to overcome ATM security. The second ranking speaker was Bedřich Košata, Chief Science Officer of CZ.NIC, who focused on the first big problems of the Internet of things. The imaginary winners’ podium was supplemented by two speakers with the same result. Igor Hák of Virus Lab ESET Software acquainted the attendees with the history of ransom ware and added a lot of practical demonstrations and several humorous situations from practice. Jan Tomíšek in the GDPR block analysed incident reporting, new obligations of processors and risk management.</p><p> <img src="/cz/PublishingImages/news/2017/konference-security-2017-02-23-tom0163.jpg" data-themekey="#" alt="" style="margin:5px;width:650px;" /> </p><p>However, the SECURITY Conference is not limited to the lecture halls. Its components are also the accompanying workshops and round table sessions. An ever more popular part is the hacker competition in which the participants under the guidance of AEC penetration testers fulfil set tasks from the areas of hacking, cracking, reverse engineering, cryptology and ICT security in general. No less significant was also the exhibition part with an array of the solutions provided by conference partners. Many stands were occupied by the members of the senior management of the companies, which lent the event even greater prestige.</p><p>According to the assessment made by the attendees, the conference fulfilled their expectations. The visitors remained on site until the very end. From the huge acclaim from the attendees, filled-in questionnaires and interviews conducted, additional interesting topics have been identified for next year. The organisers would like to thank all lecturers, attendees and all others who participated in the creation of the unmistakable atmosphere of the SECURITY 2017 Conference. At the same time, they promise that they shall do everything possible to ensure that next year’s event will also be a place where security experts will find inspiration for their difficult work.</p><p> <img src="/cz/PublishingImages/news/2017/konference-security-2017-02-23-tom0036.jpg" data-themekey="#" alt="" style="margin:5px;width:650px;" /> </p>
TrustPort Threat Intelligence changes to GreyCortex Mendel Threat Intelligence changes to GreyCortex Mendel <p>​A new vendor in advanced IT security, GreyCortex company, was established in Brno this May. The company was founded by the product team that, until recently, was developing product Threat Intelligence for TrustPort company.</p><p>The product that is now sold under a brand name GreyCortex Mendel, is used for analysis and forensic monitoring of network operation. Its target market are middle-sized and big companies. Thanks to this product, they will get an autonomous system for identification of security and operation threats with a quick response in case any such threats are detected. Detailed and concurrently intuitive tool for company network administration is also part of the solution.</p><p>GreyCortex company bought the technology and the relevant product rights from the TrustPort company that is member of the Cleverlance Group. Further development of the product in GreyCortex company is secured thanks to an investment made by a Y Soft Ventures fund specializing in supporting development of technology companies in Central Europe.</p><p>“Nothing changes for our current customers. AEC continues to be their business partner and a support provider. Moreover, we believe that moving the product into a separate company, as well as the partnership with Y Soft will create favorable conditions and we will bring more and more high quality and advanced solutions to our recent and future customers,” said Tomáš Strýček, AEC managing director.</p><p>“We are very pleased that AEC remains to be our primary distributor in the Czech and Slovak Republic. We appreciate very much their long-term experience with the GreyCortex Mendel product and the trust of their current customers,” said Petr Chaloupka, GreyCortex managing director, who, apart from other companies, held top management positions in Comguard, AVG, and Konica Minolta companies. </p>
We celebrated the 25th anniversary of our company! celebrated the 25th anniversary of our company!<p>Yes, it has already been a quarter of a century that we have been taking care of information security for our customers. From a local provider of antivirus protection (on floppy discs), we have grown into well-known international experts on information security.</p><p>Who are we, and what do we do? Check out our short anniversary video!</p> <iframe width="560" height="315" src="" frameborder="0"></iframe>
The conference SECURITY 2016 exceeded its limit of 500 participants. conference SECURITY 2016 exceeded its limit of 500 participants.<p>In its twenty-fourth year, the conference SECURITY attracted a record number of Czech and Slovak security specialists and managers to the Clarion Congress Hotel in Prague. The event confirmed its leading position among Czech security conferences.</p><p>The excellent reputation of this event is not only limited to the Czech environment. It has also become a pivotal event for representatives of Slovak companies and organizations. Its reputation is spreading to other countries. The reality is that half of the program this year comprised foreign speakers from all over Europe. It was a unique opportunity for the participants to compare the current situation in our countries and abroad.</p><p>Although the company AEC is behind the conference, SECURITY is organized as a wholly independent event. Its program committee mainly consists of independent security consultants, who strictly ensure a professional level of specific lectures. Emphasis is especially placed on the maximum benefit for participants and the practical utility of contributions. Inputs are designed to bring different perspectives of the security problem. It strives to point out the differences between the perception of customers and suppliers. Lawyers and representatives of organizations' operating units also comment on these specific issues based on the expertise they have gained from their own experiences.</p><p>The conference has traditionally been held in two parallel halls with different programs in each hall. Participants were able to move freely between the halls and compose their own programs in order to fully meet their interests. Security Operation Center topics such as current threats, the principles of the security of social networks, and the security of data stored in the cloud environment were discussed in the "management" hall.</p><p>Sophisticated security solutions and advanced tools with examples of their use were introduced in the "technical" hall. The main objective was to provide an independent view on a wide range of aspects of current security attacks, their detection, and principles of effective defense. The program was accompanied by lectures on the fascinating topic of the Internet of Things (IoT).</p><p>The most interesting presentations were lecturer JUDr. Jan Kolouch's presentation on test attacks on users of social networks, AEC's own Martin Klubal's shocking revelation of data collection in the lecture "Social Networks Like Big Brother", and a detailed view of the problem of data leakage from the company Hacking Team by Doc. Dr. Ing. Petr Hanacek from the Faculty of Information Technology at VUT in Brno. Among the foreign speakers, Magnus Sköld from the company Check Point was the most well-received. The most interesting case study that was evaluated was the detailed analysis of a phishing attack on a bank by Marek Zeman of Tatra Banka.</p><p>The conference confirmed that it is an ideal forum for networking and sharing experience. Eight panel discussions were included in the program. The hacker competition has become increasingly popular. It is an accompanying event in which participants perform specific tasks for which they earn points. Under the leadership of AEC's penetration testers, participants perform attacks and try to break through various types of security.</p><p>The organizing company AEC has already begun preparations for the gala event, the 25th conference SECURITY. Other interesting topics for next year were divulged from a large number of responses from participants, completed questionnaires, and interviews. The organizers would like to take this opportunity to thank all of the speakers, participants, and everyone else who contributed to creating a special atmosphere at SECURITY 2016. They also promise to do everything for next year's conference where many security specialists will find inspiration for their hard work. More information about this event can be found at <a href=""></a>.<br></p>
Creation of ThreatMark Ltd. of ThreatMark Ltd.<p>We would like to announce the establishment of a new company, <a href="" target="_blank">ThreatMark s.r.o.</a> The creation of the company was the logical outcome of their own product development of the anti-fraud system (AFS).</p><p> The parent company, AEC Inc., is known among customers as a top-class supplier of security services and product security support with a high added-value. Their own product development and administration demand specific forms of management and structure. Due to the effort to separate these two distinct business models (AEC is primarily an SI and services supplier, while ThreatMark is a solution supplier), as well as regarding the goal of enhancing the competitiveness of the company on the domestic and foreign markets, we decided to single out the brand ThreatMark as an independent company.<br><br>ThreatMark Ltd., as it comes to the business aspect, will be focusing exclusively on foreign customers. AEC Ltd. continues to be the product license holder for the Czech and Slovak Republics.</p>
Free DLP to protect Exchange DLP to protect Exchange<h2>What do we offer? There are 2 possibilities:</h2><p>1. Protection against the leakage of sensitive information of the company through email free of charge in terms of promotion to antivirus and antispam protection for Exchange. In addition there is a license for antivirus and antispam for OS Linux including a completed mailing virtual server in the package.</p><p>2. Three products for the price of one</p><ul><li>Antivirus and antispam for Exchange (Kaspersky Security for Mail Server)</li><li>DLP for Exchange (Kaspersky Data Leakage Protection for Mail Server)</li><li>Antivirus and antispam for OS Linux including a finished/completed mailing virtual server (with one license the customer can have Exchange and Linux at once)</li></ul><p> </p><h2>General information:</h2><ul><li>Single console for administration of the product of Kaspersky Security for Microsoft Exchange Servers, including the DLP module.</li><li>The administration console can administrate several MS Exchange servers with the aid of configured profiles..</li><li>Kaspersky Security for Microsoft Exchange Servers, including the DLP module, uses only one SQL database (free version of MS SQL Express is sufficient).</li><li>Speedy implementation and activation of the DLP module just by registering the required license within a unified central administration.</li><li>Complex reporting on the basis of automatic and manual reports.</li><li>The product of Kaspersky Security for Microsoft Exchange Servers including the DLP module was completely created by the company Kaspersky Lab.</li><li>Single sign-on support, including cooperation with an Active Directory.</li><li>The product can be implemented on a Microsoft Exchange server, even though the operating system is secured by another company's security product.</li><li>Installation of the product doesn't take more than 30 minutes.</li></ul><p> </p><h2>Kaspersky Security for Microsoft Exchange Server:</h2><ul><li>Intelligent recognition of spam</li><li>Reputation filtering</li><li>Protection in real-time</li><li>On-demand scan or scheduled intervals in advance</li><li>Backup of erased or blocked emails and attachments</li><li>White and black list of domains and addresses</li><li>Active dashboard with up-to-date information</li><li>Detailed reporting with the aid of specific filters</li></ul><p> </p><h2>DLP (Data Leakage Protection) module and function – for free</h2><ul><li>Preset basic categories for speedy implementation (financial documents, document`s administration, immoral expressions, etc.)</li><li>Preset basic categories are automatically updated</li><li>Possibility of defining and adding your own dictionaries and expressions, including Czech and Slovak language</li><li>Structured Data Fingerprinting – ability to identify specific tables, e.g. data retrieved from internal CRM solution</li><li>The DLP module checks the essential supported formats and archives, including PDF documents</li><li>Emails might be deleted if the security criteria are met, returned to the user for adjustment, saved for later check up, or passed on to an accountable person for another action.</li></ul><p> </p><h2>Supported mailing servers:</h2><ul><li>Microsoft Exchange Server 2007 x64 Service Pack 3 (DLP module support is missing)</li><li>Microsoft Exchange Server 2010 SP3</li><li>Microsoft Exchange Server 2013 SP1</li></ul><p> </p><h2>Contact information</h2><p>Contact our business department at obchod[at] for questions or non-binding precalculation.</p><p> </p><h2>Documents for downloading</h2><p> <a href="/cz/Documents/Files/Kaspersky_Linux_Mail_Virus_Bulletin_result.pdf" target="_blank">Kaspersky_Linux_Mail_Virus_Bulletin_result.pdf</a><br><a href="/cz/Documents/Files/Kaspersky_Mail_Server_Security_Datasheet_CS.pdf" target="_blank">Kaspersky_Mail_Server_Security_Datasheet_CS.pdf</a><br><a href="/cz/Documents/Files/Kaspersky_Mail_Server_Security_Datasheet_ENG.pdf" target="_blank">Kaspersky_Mail_Server_Security_Datasheet_ENG.pdf </a></p>